CVE-2021-40978 - Path Traversal. #2601
Comments
It should be mentioned the dev server is known to not be secure and should not be used in a sensitive environment. The security flaw is using the dev-server in an unsafe way, e.g., as a public server and not just as a development server.

Thanks for the report. Perhaps you could try out with the fix in #2604.
Mazzya added a commit to Frit-Apps/password-generator-module that referenced this issue Oct 18, 2021
Package update 'Mkdocs': [Fix](mkdocs/mkdocs#2601) for vulnerability [CVE-2021-40978](https://nvd.nist.gov/vuln/detail/CVE-2021-40978)
Hey!
We have verified a security flaw in the current version of MkDocs, a path traversal failure affecting the built-in dev-server.
That flaw makes the server susceptible to providing data outside the scope of the application, allowing anyone to request sensitive files.
If you need further information, don't hesitate to get in touch with me.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40978
https://github.com/nisdn/CVE-2021-40978
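A containment check of the kind that guards a static file server against this class of bug, added here as an example; it is not MkDocs code and not the fix in #2604. The names `resolve_under_root` and `demo`, and the sample files and request targets, are hypothetical and constructed for illustration.

```python
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def resolve_under_root(root: Path, request_target: str) -> Optional[Path]:
    """Return the file under root that request_target names, or None to refuse."""
    # Drop query and fragment, then percent-decode once, before any path checks.
    raw_path = request_target.split("?", 1)[0].split("#", 1)[0]
    url_path = unquote(raw_path)
    if "\x00" in url_path:
        return None
    # Treat "\" as a separator too, so "..\" is not missed on Windows hosts.
    parts = [p for p in url_path.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts:
        return None
    root = root.resolve()
    candidate = root.joinpath(*parts).resolve()
    # resolve() follows symlinks, so a link inside root pointing outside fails here.
    if candidate != root and root not in candidate.parents:
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Run constructed request targets against a throwaway docroot."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        site = base / "site"
        site.mkdir()
        (site / "index.html").write_text("<h1>docs</h1>")
        (base / "secret.txt").write_text("outside the docroot")
        (site / "link.txt").symlink_to(base / "secret.txt")  # escapes via symlink
        targets = [
            "/index.html",
            "/index.html?x=../",
            "/../secret.txt",
            "/%2e%2e/secret.txt",
            "/..%5csecret.txt",
            "/link.txt",
        ]
        return {t: resolve_under_root(site, t) is not None for t in targets}


if __name__ == "__main__":
    for target, served in demo().items():
        print(f"{'serve ' if served else 'refuse'}  {target}")
```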