Package uwsgi updated to version 2.0.18-alt1 for branch sisyphus in task 240920.

Published: 2018-02-06
Modified: 2024-11-21

CVE-2018-6758

The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2018-02-27
Modified: 2024-11-21

CVE-2018-7490

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla

Version: 2.1.0