Directory Traversal Affecting sympa package, versions <6.2.32~dfsg-1


Severity

Recommended
0.0
critical
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.29% (70th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Directory Traversal vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN13-SYMPA-5696717
  • published26 Jun 2018
  • disclosed26 Jun 2018

Introduced: 26 Jun 2018

CVE-2018-1000550  (opens in a new tab)
CWE-22  (opens in a new tab)

How to fix?

Upgrade Debian:13 sympa to version 6.2.32~dfsg-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream sympa package and not the sympa package as distributed by Debian. See How to fix? for Debian:13 relevant fixed versions and status.

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.