High severityNVD Advisory· Published Jun 13, 2014· Updated May 6, 2026
CVE-2012-3521
CVE-2012-3521
Description
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
geshi/geshiPackagist | < 1.0.8.11 | 1.0.8.11 |
Affected products
7cpe:2.3:a:qbnz:geshi:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:qbnz:geshi:*:*:*:*:*:*:*:*range: <=1.0.8.10
- cpe:2.3:a:qbnz:geshi:1.0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:qbnz:geshi:1.0.8.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- sourceforge.net/p/geshi/code/2507/nvdExploitPatch
- github.com/advisories/GHSA-fw3x-2pr2-5j64ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-3521ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105247.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105273.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2013-May/105317.htmlnvdWEB
- sourceforge.net/p/geshi/code/2507ghsaWEB
- www.openwall.com/lists/oss-security/2012/08/21/11nvdWEB
- bugs.debian.org/cgi-bin/bugreport.cginvdWEB
News mentions
0No linked articles in our index yet.