CVE-2012-3521: GeSHi vulnerable to Directory Traversal

May 17, 2022 (updated April 14, 2025)

Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=685324
github.com/GeSHi/geshi-1.0
github.com/advisories/GHSA-fw3x-2pr2-5j64
nvd.nist.gov/vuln/detail/CVE-2012-3521

Code Behaviors & Features

Detect and mitigate CVE-2012-3521 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →