CVE-2004-1444: Roundup Directory traversal vulnerability

April 29, 2022 (updated May 9, 2024)

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

References

exchange.xforce.ibmcloud.com/vulnerabilities/16350
github.com/advisories/GHSA-q7mf-hp9m-cx6f
github.com/roundup-tracker/roundup
nvd.nist.gov/vuln/detail/CVE-2004-1444

Detect and mitigate CVE-2004-1444 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →