VYPR
High severityNVD Advisory· Published Feb 22, 2006· Updated Jun 16, 2026

CVE-2006-0847

CVE-2006-0847

Description

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cherrypyPyPI
< 2.1.12.1.1

Affected products

24
  • Cherrypy/Cherrypy23 versions
    cpe:2.3:a:cherrypy:cherrypy:0.1:*:*:*:*:*:*:*+ 22 more
    • cpe:2.3:a:cherrypy:cherrypy:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.10_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.10_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.8_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9_gamma:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:0.9_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.0.0a1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:cherrypy:cherrypy:2.1.0_rc2:*:*:*:*:*:*:*
    • (no CPE)range: <2.1.1
  • ghsa-coords
    Range: < 2.1.1

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.