CVE-2015-8747: Radicale vulnerable to arbitrary file read or write
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
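The defensive check for this bug class is to validate a component name before it is turned into a file path. The Python below is an added example, not Radicale's code or its actual fix; it assumes a backend that stores each component as one file under a storage folder, and the function names, exception type and sample names are hypothetical.

```python
import os
import tempfile


class UnsafeComponentName(ValueError):
    """The name cannot be used as a single file name under the storage root."""


def is_safe_component(name: str) -> bool:
    # Hypothetical validator: the name must be exactly one path segment.
    if not name or name in (".", "..") or "\x00" in name:
        return False
    # Reject both separator styles regardless of the host platform.
    if "/" in name or "\\" in name:
        return False
    return os.path.basename(name) == name


def component_path(root: str, name: str) -> str:
    """Return the file path for one component, or raise UnsafeComponentName."""
    if not is_safe_component(name):
        raise UnsafeComponentName(repr(name))
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    # Defence in depth: the resolved path must stay strictly inside the root,
    # which also catches a symlink planted in the storage folder.
    inside = os.path.commonpath([root_real, candidate]) == root_real
    if candidate == root_real or not inside:
        raise UnsafeComponentName(repr(name))
    return candidate


if __name__ == "__main__":
    # Constructed sample names, checked against a throwaway storage root.
    with tempfile.TemporaryDirectory() as root:
        for name in ["event-1.ics", "..", "../outside.ics", "a/b.ics", ""]:
            try:
                print(repr(name), "->", component_path(root, name))
            except UnsafeComponentName:
                print(repr(name), "-> rejected")
```
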
References
- github.com/Kozea/Radicale
- github.com/Kozea/Radicale/commit/18c88642fb19ee1480690e51fff9605ecc6fdab5
- github.com/Kozea/Radicale/pull/343
- github.com/Unrud/Radicale/commit/bcaf452e516c02c9bed584a73736431c5e8831f1
- github.com/advisories/GHSA-fgqv-96v9-w23m
- github.com/pypa/advisory-database/tree/main/vulns/radicale/PYSEC-2016-36.yaml
- nvd.nist.gov/vuln/detail/CVE-2015-8747
- web.archive.org/web/20200804235922/http://www.securityfocus.com/bid/80255