Vulnerability	Vulnerable Version
C Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Lektor is an A static content management system. Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). An attacker can execute arbitrary shell commands by adding a malicious file to the templates directory. This exploit is triggered when a victim's web browser, running on the same machine as the `lektor server` command, accesses an untrusted website that uses JavaScript to send requests to localhost port 5000. How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')? Upgrade `Lektor` to version 3.3.11 or higher.	[,3.3.11)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Lektor is an A static content management system.

Affected versions of this package are vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). An attacker can execute arbitrary shell commands by adding a malicious file to the templates directory. This exploit is triggered when a victim's web browser, running on the same machine as the lektor server command, accesses an untrusted website that uses JavaScript to send requests to localhost port 5000.

How to fix Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')?

Upgrade Lektor to version 3.3.11 or higher.

[,3.3.11)

Go back to all versions of this package