Goby/json/MkDocs-Arbitrary-File-Read-...

{
"Name": "MkDocs Arbitrary File Read (CVE-2021-40978)",
"Description": "<p>MkDocs is a fast, simple and downright gorgeous static site generator that's geared towards building project documentation.</p><p>The built-in development server of mkdocs version 1.2.2 has arbitrary file reading vulnerabilities, and attackers can obtain sensitive information such as configuration.</p>",
"Product": "MkDocs",
"Homepage": "https://www.mkdocs.org/",
"DisclosureDate": "2021-09-25",
"Author": "1291904552@qq.com",
"FofaQuery": "banner=\"WSGIServer\"",
"GobyQuery": "banner=\"WSGIServer\"",
"Level": "2",
"Impact": "<p>The built-in development server of mkdocs version 1.2.2 has arbitrary file reading vulnerabilities, and attackers can obtain sensitive information such as configuration.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.mkdocs.org\">https://www.mkdocs.org</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "MkDocs 项目文档系统 1.2.2 版本存在任意文件读取漏洞CVE-2021-40978",
"Product": "MkDocs",
"VulType": ["文件读取"],
"Tags": ["文件读取"],
"Description": "<p>MkDocs 是一个快速、简单和彻头彻尾的华丽静态站点生成器,用于构建项目文档。</p><p>mkdocs站点生成系统 1.2.2 版本内置的开发服务器存在任意文件读取漏洞,攻击者可获取配置等敏感信息。</p>",
"Impact": "<p>MkDocs站点生成系统 1.2.2 版本内置的开发服务器存在任意文件读取漏洞,攻击者可获取配置等敏感信息。</p>",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://www.mkdocs.org\">https://www.mkdocs.org</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "MkDocs Arbitrary File Read (CVE-2021-40978)",
"Product": "MkDocs",
"VulType": ["fileread"],
"Tags": ["fileread"],
"Description": "<p>MkDocs is a fast, simple and downright gorgeous static site generator that's geared towards building project documentation.</p><p>The built-in development server of mkdocs version 1.2.2 has arbitrary file reading vulnerabilities, and attackers can obtain sensitive information such as configuration.</p>",
"Impact": "<p>The built-in development server of mkdocs version 1.2.2 has arbitrary file reading vulnerabilities, and attackers can obtain sensitive information such as configuration.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.mkdocs.org\">https://www.mkdocs.org</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://github.com/nisdn/CVE-2021-40978"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "input",
"value": "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"fileread"
],
"VulType": [
"fileread"
],
"CVEIDs": [
"CVE-2021-40978"
],
"CVSSScore": "7.5",
"AttackSurfaces": {
"Application": ["MkDocs"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}