pyramid@2.0 vulnerabilities

The Pyramid Web Framework, a Pylons project

Direct Vulnerabilities

Known vulnerabilities in the pyramid package. This does not include vulnerabilities belonging to this package’s dependencies.

Information Exposure (severity: M)

pyramid is a Python Web Framework.

Affected versions of this package are vulnerable to Information Exposure. When the os.path.normpath function is used in conjunction with a Pyramid static view configured with a full filesystem path, an attacker can disclose the index.html file by exploiting a path traversal vulnerability. This is only exploitable if an index.html file is located exactly one directory above the static view's filesystem path and the application is running on Python 3.11.

Mitigation: This vulnerability can be mitigated by using a version of Python 3 that is not affected, by temporarily downgrading to the Python 3.10 series, or by waiting until Python 3.11.5 is released and upgrading to the latest version of the Python 3.11 series.

Note: This vulnerability is caused by pyramid's use of the underlying vulnerable code in Python described in CVE-2023-41105.
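The containment failure described above can also be guarded against independently of the Python build. The helper below is an added example, not Pyramid's own code: it refuses a request before any path normalisation runs and then checks that the resolved file still lies under the static root. The root directory is a constructed sample path.

```python
import os


def resolve_static_path(root, requested):
    """Map a requested URL path onto a file under ``root``.

    Returns the resolved filesystem path, or None when the request must be
    refused. Illustrative helper; this is not Pyramid's own implementation.
    """
    # Check for embedded NUL bytes *before* any normalisation. On the Python
    # 3.11 builds affected by CVE-2023-41105, os.path.normpath (which
    # realpath and abspath call internally) truncates the path at the first
    # NUL, so a containment check performed after normalisation would examine
    # a different string than the one the filesystem would see.
    if "\x00" in requested:
        return None
    root_real = os.path.realpath(root)
    # Join relative to the root, then resolve ".." segments and symlinks.
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/")))
    # The file must lie inside the root. commonpath is used instead of a
    # string prefix test so that "/srv/app/static_old" is not accepted for
    # a root of "/srv/app/static".
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:
        # Raised when the two paths are on different drives (Windows).
        return None
    return candidate if inside else None


if __name__ == "__main__":
    # Constructed sample root; it does not need to exist for the check to run.
    root = "/srv/app/static"
    for req in ("css/site.css", "../index.html", "img/../../index.html"):
        print(repr(req), "->", resolve_static_path(root, req))
```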

How to fix Information Exposure?

Upgrade pyramid to version 2.0.2 or higher.

Vulnerable versions: [2.0,2.0.2)