CVE-2021-33896Path Traversal in Dino

CWE-22Path Traversal4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.5%
top 32.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
DinoDebian Dino-imFedoraproject Fedora
Timeline
PublishedJun 7
Latest updateMay 24

Description

Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDdino/dino0.2.00.2.1+1
debiandebian/dino-im< dino-im 0.2.0-3 (bookworm)

Also affects: Fedora 33, 34

Patches

Patch: www.openwall.comPatch: dino.imPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-8j28-3ggh-xffw: Dino before 02022-05-24
OSV
CVE-2021-33896: Dino before 02021-06-07

📋Vendor Advisories

1
Debian
CVE-2021-33896: dino-im - Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for cr...2021
CVE-2021-33896 — Path Traversal in Dino | cvebase