High severityNVD Advisory· Published Feb 22, 2006· Updated Jun 16, 2026
CVE-2006-0847
CVE-2006-0847
Description
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cherrypyPyPI | < 2.1.1 | 2.1.1 |
Affected products
24cpe:2.3:a:cherrypy:cherrypy:0.1:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:cherrypy:cherrypy:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.10_beta:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.10_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.8_beta:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.9_beta:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.9_gamma:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:0.9_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:2.0.0a1:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:2.1.0_beta:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:2.1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:cherrypy:cherrypy:2.1.0_rc2:*:*:*:*:*:*:*
- (no CPE)range: <2.1.1
Patches
Vulnerability mechanics
References
16- groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306nvdPatchWEB
- www.securityfocus.com/bid/16760nvdPatch
- github.com/advisories/GHSA-vx77-5pf4-c9wrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-0847ghsaADVISORY
- sourceforge.net/project/shownotes.phpnvdWEB
- www.cherrypy.orgghsaWEB
- www.gentoo.org/security/en/glsa/glsa-200605-16.xmlnvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/24809nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/cherrypy/PYSEC-2006-1.yamlghsaWEB
- web.archive.org/web/20140724140216/http://secunia.com/advisories/18944ghsaWEB
- web.archive.org/web/20140803230356/http://secunia.com/advisories/20344ghsaWEB
- web.archive.org/web/20200302050730/http://www.securityfocus.com/bid/16760ghsaWEB
- secunia.com/advisories/18944nvd
- secunia.com/advisories/20344nvd
- www.cherrypy.orgnvd
- www.vupen.com/english/advisories/2006/0677nvd
News mentions
0No linked articles in our index yet.