Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4OGctcXg0Mi14ZnJo
Path traversal in bolt/core
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
Permalink: https://github.com/advisories/GHSA-q88g-qx42-xfrhJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4OGctcXg0Mi14ZnJo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 4 years ago
Updated: almost 2 years ago
Identifiers: GHSA-q88g-qx42-xfrh, CVE-2021-27367
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-27367
- https://github.com/bolt/core/pull/2371
- https://github.com/bolt/core/releases/tag/4.1.13
- https://packagist.org/packages/bolt/core
- https://github.com/advisories/GHSA-q88g-qx42-xfrh
Blast Radius: 0.0
Affected Packages
packagist:bolt/core
Dependent packages: 50Dependent repositories: 69
Downloads: 119,150 total
Affected Version Ranges: < 4.1.13
Fixed in: 4.1.13
All affected versions: 4.0.0, 4.0.1, 4.1.0, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12
All unaffected versions: 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.1.22, 4.1.23, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.1.24