CVE-2011-1589
NONE EPSS 88.8%
Published Apr 29, 2011 (15y ago)
Last Modified Jun 16, 2026 (2w ago)
Description
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
Threat Intelligence
EPSS Exploit Probability
88.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 82
| Vendor | Product | Version | Range |
|---|---|---|---|
| mojolicious | mojolicious | 0.2 | any |
| mojolicious | mojolicious | 0.3 | any |
| mojolicious | mojolicious | 0.4 | any |
| mojolicious | mojolicious | 0.5 | any |
| mojolicious | mojolicious | 0.6 | any |
| mojolicious | mojolicious | 0.7 | any |
| mojolicious | mojolicious | 0.8 | any |
| mojolicious | mojolicious | 0.8.1 | any |
| mojolicious | mojolicious | 0.8.2 | any |
| mojolicious | mojolicious | 0.8.3 | any |
| mojolicious | mojolicious | 0.8.4 | any |
| mojolicious | mojolicious | 0.8.5 | any |
| mojolicious | mojolicious | 0.9 | any |
| mojolicious | mojolicious | 0.8006 | any |
| mojolicious | mojolicious | 0.8007 | any |
| mojolicious | mojolicious | 0.8008 | any |
| mojolicious | mojolicious | 0.8009 | any |
| mojolicious | mojolicious | 0.9001 | any |
| mojolicious | mojolicious | 0.9002 | any |
| mojolicious | mojolicious | 0.991231 | any |
| mojolicious | mojolicious | 0.991232 | any |
| mojolicious | mojolicious | 0.991233 | any |
| mojolicious | mojolicious | 0.991234 | any |
| mojolicious | mojolicious | 0.991235 | any |
| mojolicious | mojolicious | 0.991236 | any |
| mojolicious | mojolicious | 0.991237 | any |
| mojolicious | mojolicious | 0.991238 | any |
| mojolicious | mojolicious | 0.991239 | any |
| mojolicious | mojolicious | 0.991240 | any |
| mojolicious | mojolicious | 0.991241 | any |
| mojolicious | mojolicious | 0.991242 | any |
| mojolicious | mojolicious | 0.991243 | any |
| mojolicious | mojolicious | 0.991244 | any |
| mojolicious | mojolicious | 0.991245 | any |
| mojolicious | mojolicious | 0.991246 | any |
| mojolicious | mojolicious | 0.991250 | any |
| mojolicious | mojolicious | 0.991251 | any |
| mojolicious | mojolicious | 0.999901 | any |
| mojolicious | mojolicious | 0.999902 | any |
| mojolicious | mojolicious | 0.999903 | any |
| mojolicious | mojolicious | 0.999904 | any |
| mojolicious | mojolicious | 0.999905 | any |
| mojolicious | mojolicious | 0.999906 | any |
| mojolicious | mojolicious | 0.999907 | any |
| mojolicious | mojolicious | 0.999908 | any |
| mojolicious | mojolicious | 0.999909 | any |
| mojolicious | mojolicious | 0.999910 | any |
| mojolicious | mojolicious | 0.999911 | any |
| mojolicious | mojolicious | 0.999912 | any |
| mojolicious | mojolicious | 0.999913 | any |
| mojolicious | mojolicious | 0.999914 | any |
| mojolicious | mojolicious | 0.999920 | any |
| mojolicious | mojolicious | 0.999921 | any |
| mojolicious | mojolicious | 0.999922 | any |
| mojolicious | mojolicious | 0.999923 | any |
| mojolicious | mojolicious | 0.999924 | any |
| mojolicious | mojolicious | 0.999925 | any |
| mojolicious | mojolicious | 0.999926 | any |
| mojolicious | mojolicious | 0.999927 | any |
| mojolicious | mojolicious | 0.999928 | any |
| mojolicious | mojolicious | 0.999929 | any |
| mojolicious | mojolicious | 0.999930 | any |
| mojolicious | mojolicious | 0.999931 | any |
| mojolicious | mojolicious | 0.999932 | any |
| mojolicious | mojolicious | 0.999933 | any |
| mojolicious | mojolicious | 0.999934 | any |
| mojolicious | mojolicious | 0.999935 | any |
| mojolicious | mojolicious | 0.999936 | any |
| mojolicious | mojolicious | 0.999937 | any |
| mojolicious | mojolicious | 0.999938 | any |
| mojolicious | mojolicious | 0.999939 | any |
| mojolicious | mojolicious | 0.999940 | any |
| mojolicious | mojolicious | 0.999941 | any |
| mojolicious | mojolicious | 0.999950 | any |
| mojolicious | mojolicious | 1.0 | any |
| mojolicious | mojolicious | 1.1 | any |
| mojolicious | mojolicious | 1.01 | any |
| mojolicious | mojolicious | 1.11 | any |
| mojolicious | mojolicious | 1.12 | any |
| mojolicious | mojolicious | 1.13 | any |
| mojolicious | mojolicious | 1.14 | any |
| mojolicious | mojolicious | 1.15 | any |
References 20
- bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952
- cpansearch.perl.org http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html
- openwall.com http://openwall.com/lists/oss-security/2011/04/17/1
- openwall.com http://openwall.com/lists/oss-security/2011/04/18/3
- openwall.com http://openwall.com/lists/oss-security/2011/04/18/7
- perlninja.posterous.com http://perlninja.posterous.com/sharks-in-the-water
- search.cpan.org http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz
- secunia.com http://secunia.com/advisories/44051
- secunia.com http://secunia.com/advisories/44359
- debian.org http://www.debian.org/security/2011/dsa-2221
- osvdb.org http://www.osvdb.org/71850
- securityfocus.com http://www.securityfocus.com/bid/47402
- vupen.com http://www.vupen.com/english/advisories/2011/1072
- vupen.com http://www.vupen.com/english/advisories/2011/1093
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=697229
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/66830
- github.com https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
- github.com https://github.com/kraih/mojo/issues/114
Remediation
- openwall.com http://openwall.com/lists/oss-security/2011/04/17/1
- openwall.com http://openwall.com/lists/oss-security/2011/04/18/3
- search.cpan.org http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=697229
- github.com https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818