VYPR
← All advisories
High severityNVD Advisory· Published Feb 22, 2006· Updated Apr 16, 2026

CVE-2006-0847

CVE-2006-0847

Description

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cherrypyPyPI
< 2.1.12.1.1

Affected products

22
  • Cherrypy/Cherrypy22 versions
    cpe:2.3:a:cherrypy:cherrypy:0.1:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:a:cherrypy:cherrypy:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.8_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9_gamma:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.10_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.10_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.0.0a1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0_rc2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

16

News mentions

0

No linked articles in our index yet.