CVE-2014-9707 — Path Traversal in Goahead

CWE-173 documents | 3 sources
Severity: 7.5 HIGH (NVD)
EPSS: 60.6% (top 1.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 31 | Latest update May 14

Description

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: embedthis/goahead, 8 versions (+7)

Vulnerability Details

2
GHSA: GHSA-pc28-mpvf-j77x: EmbedThis GoAhead 3 (2022-05-14)
CVEList: CVE-2014-9707: EmbedThis GoAhead 3 (2015-03-31)
CVE-2014-9707 — Path Traversal in Embedthis Goahead | cvebase