CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
44.2%
Pyramid provided by Pylons Project, which is a web framework for Python, contains a directory traversal vulnerability (CWE-22).
index.html located one directory above the location of the static view’s file system path can be accessed via a crafted request.
Update the software
Update the software according to the information provided by the developer.
For more information, refer to the information provided by the developer.
Applications created with the following versions of Pyramid are affected when they are deployed with Python 3.11.0 to 3.11.4: