CVE-2012-3521 — Path Traversal in Geshi

CWE-22 — Path Traversal8 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qbnz Geshi Geshi Debian Geshi

Timeline

PublishedJun 13

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Packagistgeshi/geshi< 1.0.8.11

▶debiandebian/geshi< geshi 1.0.8.4-2 (bookworm)

▶Debianqbnz/geshi< 1.0.8.4-2+3

▶NVDqbnz/geshi1.0.8.10+6

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GeSHi vulnerable to Directory Traversal↗2022-05-17

▶

OSV

GeSHi vulnerable to Directory Traversal↗2022-05-17

▶

OSV

CVE-2012-3521: Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1↗2014-06-13

▶

📋Vendor Advisories

Debian

CVE-2012-3521: geshi - Multiple directory traversal vulnerabilities in the cssgen contrib module in GeS...↗2012

▶

💬Community

Bugzilla

CVE-2012-3521 php-geshi: Remote directory traversal and information disclosure (local file inclusion) in the contrib module↗2012-08-21

▶

Bugzilla

CVE-2012-3521 CVE-2012-3522 php-geshi: Various flaws [fedora-all]↗2012-08-21

▶

Bugzilla

CVE-2012-3521 php-geshi: Remote directory traversal and information disclosure (local file inclusion) in the contrib module [epel-all]↗2012-08-21

▶