Unbit Uwsgi vulnerabilities
3 known vulnerabilities affecting unbit/uwsgi.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2023-27522HIGHCVSS 7.5fixed in 2.0.222023-03-07
CVE-2023-27522 [HIGH] CWE-444 CVE-2023-27522: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.
Special characters in the origin response header can truncate/split the response forwarded to the client.
nvd
CVE-2018-7490HIGHCVSS 7.5PoCfixed in 2.0.172018-02-26
CVE-2018-7490 [HIGH] CWE-22 CVE-2018-7490: uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowin
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
nvd
CVE-2018-6758CRITICALCVSS 9.8≤ 2.0.152018-02-06
CVE-2018-6758 [CRITICAL] CWE-787 CVE-2018-6758: The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffe
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.
nvd