GLSA-200605-16 : CherryPy: Directory traversal vulnerability
Medium Nessus Plugin ID 21614
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200605-16 (CherryPy: Directory traversal vulnerability).
Ivo van der Wijk discovered that the 'staticfilter' component of CherryPy fails to sanitize input correctly.
An attacker could exploit this flaw to obtain arbitrary files from the web server.
There is no known workaround at this time.
Solution
All CherryPy users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-python/cherrypy-2.1.1'