Vulnerabilities > Cherrypy

DATE CVE VULNERABILITY TITLE RISK
2008-01-12 CVE-2008-0252 Path Traversal vulnerability in Cherrypy 2.2.1/3.0.0/3.0.1
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
network
low complexity
cherrypy CWE-22
7.5
2006-02-22 CVE-2006-0847 Directory Traversal vulnerability in CherryPy StaticFilter
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
network
low complexity
cherrypy
5.0