{ "Name": "MkDocs Arbitrary File Read (CVE-2021-40978)", "Description": "
MkDocs is a fast, simple and downright gorgeous static site generator that's geared towards building project documentation.
The built-in development server of mkdocs version 1.2.2 has an arbitrary file read vulnerability; attackers can obtain sensitive information such as configuration.
", "Product": "MkDocs", "Homepage": "https://www.mkdocs.org/", "DisclosureDate": "2021-09-25", "Author": "1291904552@qq.com", "FofaQuery": "banner=\"WSGIServer\"", "GobyQuery": "banner=\"WSGIServer\"", "Level": "2", "Impact": "The built-in development server of mkdocs version 1.2.2 has an arbitrary file read vulnerability; attackers can obtain sensitive information such as configuration.
", "Recommendation": "The vendor has released a bug fix; update promptly: https://www.mkdocs.org
1. Set access policies and whitelist access through security devices such as firewalls.
2. If not necessary, prohibit public network access to the system.
", "Translation": { "CN": { "Name": "MkDocs 项目文档系统 1.2.2 版本存在任意文件读取漏洞(CVE-2021-40978)", "Product": "MkDocs", "VulType": ["文件读取"], "Tags": ["文件读取"], "Description": "MkDocs 是一个快速、简单和彻头彻尾的华丽静态站点生成器,用于构建项目文档。
mkdocs站点生成系统 1.2.2 版本内置的开发服务器存在任意文件读取漏洞,攻击者可获取配置等敏感信息。
", "Impact": "厂商已发布了漏洞修复程序,请及时关注更新:https://www.mkdocs.org 1、通过防火墙等安全设备设置访问策略,设置白名单访问。 2、如非必要,禁止公网访问该系统。