Directory Traversal Affecting ceph-common package, versions *


Severity

Recommended
high

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
3.14% (87th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL10-CEPHCOMMON-11487776
  • published6 Aug 2025
  • disclosed1 Jan 2020

Introduced: 1 Jan 2020

CVE-2020-27304  (opens in a new tab)
CWE-22  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:10 ceph-common.

NVD Description

Note: Versions mentioned in the description apply only to the upstream ceph-common package and not the ceph-common package as distributed by RHEL. See How to fix? for RHEL:10 relevant fixed versions and status.

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal

CVSS Base Scores

version 3.1