CVE-2023-40274

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
getzolazola
0.13.0 ≤
𝑥
≤ 0.17.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/getzola/zola/issues/2257
https://github.com/getzola/zola/pull/2258
https://github.com/getzola/zola/issues/2257
https://github.com/getzola/zola/pull/2258