CVE-2021-40978 (High) detected in mkdocs-1.0.4-py2.py3-none-any.whl #2
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-40978 - High Severity Vulnerability
Project documentation with Markdown.
Library home page: https://files.pythonhosted.org/packages/db/f9/b0179afee0db21943120ea606eb68bda1257b96420df74b775280eb5850b/mkdocs-1.0.4-py2.py3-none-any.whl
Path to dependency file: /doc/mkdocs/requirements.txt
Path to vulnerable library: /doc/mkdocs/requirements.txt
Dependency Hierarchy:
Found in base branch: develop
** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and nisdn/CVE-2021-40978#1.
Publish Date: 2021-10-07
URL: CVE-2021-40978
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-q6j2-g8qf-wvf7
Release Date: 2021-10-07
Fix Resolution (mkdocs): 1.2.3
Direct dependency fix Resolution (mkdocs-minify-plugin): 0.4.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: