{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2011-12-05T11:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1932", "state": "PUBLISHED", "dateReserved": "2011-05-09T00:00:00Z", "datePublished": "2011-12-05T11:00:00Z", "dateUpdated": "2011-12-05T11:00:00Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:widelands:widelands:-:build1:*:*:*:*:*:*", "matchCriteriaId": "C310EED8-E0FE-4E51-AF0A-6A53924DC4BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build10:*:*:*:*:*:*", "matchCriteriaId": "054E4DC2-A9F7-4680-A33C-B816AEE0A148", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build10_release_candidate:*:*:*:*:*:*", "matchCriteriaId": "2B2DF3D7-AD20-4578-A730-C2515038A97D", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build11:*:*:*:*:*:*", "matchCriteriaId": "DFF3C32F-3C38-4112-B575-6A6F91173CFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build11_release_candidate:*:*:*:*:*:*", "matchCriteriaId": "2B45B376-434B-456B-B491-CF7B0BB0F597", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build12:*:*:*:*:*:*", "matchCriteriaId": "AB91F6CB-0B0D-435E-8CC9-7405053966E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build12_release_candidate:*:*:*:*:*:*", "matchCriteriaId": "208433B7-008C-4771-8508-7640782F018F", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build13:*:*:*:*:*:*", "matchCriteriaId": "FF11D5F6-5103-4561-A1BE-2761AEDF96F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build13_release_candidate:*:*:*:*:*:*", "matchCriteriaId": "17E65533-7F5C-4CA3-9157-063E93F1E6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build13_release_candidate2:*:*:*:*:*:*", "matchCriteriaId": "F6803C19-950C-4A27-9B07-DFA3512BBB23", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build14:*:*:*:*:*:*", "matchCriteriaId": "F70B6239-4BD3-4E90-80E6-BBBFD1518A56", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build14_release_candidate:*:*:*:*:*:*", "matchCriteriaId": "76F3B6EA-CDB0-47ED-A6BF-BE5F99467DA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build2:*:*:*:*:*:*", "matchCriteriaId": "B88CCD70-B9DB-47DF-AF80-84ABC905E272", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build3:*:*:*:*:*:*", "matchCriteriaId": "460D9138-AA35-4A25-A5EB-1613BE29F5C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build4:*:*:*:*:*:*", "matchCriteriaId": "CD22A431-E827-4621-94CA-4A9F2A48F025", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build5:*:*:*:*:*:*", "matchCriteriaId": "820E897A-D5C7-49E2-884F-2A722FA36B48", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build6:*:*:*:*:*:*", "matchCriteriaId": "40FE6D11-D0A5-4E9B-A990-BB73FCD095E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build7:*:*:*:*:*:*", "matchCriteriaId": "9D9D5D4C-ADF9-483E-8318-66866B2863E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build8:*:*:*:*:*:*", "matchCriteriaId": "2C1AE263-930F-4F2D-B6F5-AF96DA7239D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build9:*:*:*:*:*:*", "matchCriteriaId": "9603E399-1F1D-4C35-82C9-4382F1A70926", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en io/filesystem/filesystem.cc en Widelands antes de v15.1 podr\u00eda permitir a atacantes remotos sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de caracteres . (punto) en un nombre de ruta que se utiliza para la transferencia de un archivo en un juego en Internet."}], "id": "CVE-2011-1932", "lastModified": "2021-06-25T14:19:49.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-05T11:55:05.867", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "url": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}