WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross-Site Scripting (XSS) attacks. This issue has been patched; users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration.
References
| Link | Resource |
|---|---|
| https://github.com/mar10/wsgidav/commit/e9606ab0f42f4c1a6611bc3c52de299b0aba7726 | Patch, Third Party Advisory |
| https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv | Mitigation, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-11-11T00:00:00
Updated: 2022-11-11T00:00:00
Reserved: 2022-09-30T00:00:00
Link: CVE-2022-41905
NVD Information
Status: Analyzed
Published: 2022-11-11T21:15:09.743
Modified: 2022-11-16T18:10:41.607
Link: CVE-2022-41905
Redhat Information
No data.
CWE