CVE-2017-8383: File and Directory Information Exposure

May 1, 2017 (updated October 3, 2019)

Craft CMS does not properly restrict viewing the contents of files in the craft/app/ folder.

References

craftcms.com/changelog
nvd.nist.gov/vuln/detail/CVE-2017-8383
twitter.com/CraftCMS/status/857743080224473088

Detect and mitigate CVE-2017-8383 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →