[3.7] uwsgi: PHP Plugin Directory Traversal (CVE-2018-7490)
CVE-2018-7490: uwsgi before 2.0.17 mishandles a DOCUMENT_ROOT check
during use
of the —php-docroot option, allowing directory traversal.
Fixed In Version:
uwsgi 2.0.17
References:
https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7490
Patch:
https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
(from redmine: issue id 8734, created on 2018-03-26, closed on 2018-03-29)
- Relations:
- copied_to #8733 (closed)
- parent #8733 (closed)
- Changesets:
- Revision 1adc3a18 by Natanael Copa on 2018-03-27T12:43:01Z:
main/uwsgi: security upgrade to 2.0.17 (CVE-2018-6758,CVE-2018-7490)
fixes #8734
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information