CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS
Percentile: 41.6%

Pyramid is vulnerable to path traversal. static.py does not properly remove null-byte characters from the path element, which allows an attacker to gain access to an index.html file located exactly one directory above the static view's file system path.
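
A defensive sketch of the check this description implies, added here as an example and not Pyramid's own code or its patch: every path element is rejected if it contains a null byte or a separator before any filesystem call is made, and the resolved path must still sit under the static root. The names `resolve_static` and `demo`, and the temporary directory layout, are hypothetical and constructed for the illustration.

```python
import os
import tempfile

# Characters that must never appear inside a single URL path element.
_FORBIDDEN_CHARS = ("\x00", "/", "\\")
# Elements that change directory or carry no name.
_INSECURE_ELEMENTS = {"", ".", ".."}


def resolve_static(root, segments):
    """Return the real path of a file under root, or None if the request is unsafe.

    Hypothetical helper: `segments` is the already URL-decoded list of path
    elements that followed the static view's URL prefix.
    """
    for seg in segments:
        # Reject instead of stripping: a null byte must not reach
        # path-normalisation or file-opening code at all.
        if seg in _INSECURE_ELEMENTS or any(c in seg for c in _FORBIDDEN_CHARS):
            return None
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Second line of defence: after symlink resolution the file must still
    # live under the static root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed tree (index.html one level above static/) and probe it."""
    with tempfile.TemporaryDirectory() as top:
        static = os.path.join(top, "static")
        os.mkdir(static)
        for path in (os.path.join(top, "index.html"),
                     os.path.join(static, "app.js")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return {
            "normal": resolve_static(static, ["app.js"]) is not None,
            "nul_only": resolve_static(static, ["\x00"]),
            "nul_suffix": resolve_static(static, ["app.js\x00.png"]),
            "dotdot": resolve_static(static, ["..", "index.html"]),
        }


if __name__ == "__main__":
    print(demo())
```
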
github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85
github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8
github.com/python/cpython/issues/106242
github.com/python/cpython/pull/106816
lists.fedoraproject.org/archives/list/[email protected]/message/LYSDTQ7NP5GHPQ7HBE47MBJQK7YEIYMF/
lists.fedoraproject.org/archives/list/[email protected]/message/OQIPHQTM3XE5NIEXCTQFV2J2RK2YUSMT/