Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-11T16:00:00

Updated: 2024-08-05T10:32:54.126Z

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-11T16:29:00.387

Modified: 2024-11-21T03:53:24.663

Link: CVE-2018-16836

cve-icon Redhat

No data.