VYPR
High severity7.5NVD Advisory· Published Feb 6, 2018· Updated Jun 17, 2026

CVE-2018-1299

CVE-2018-1299

Description

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Apache/Allurallm-fuzzy
    Range: <1.8.0
  • Apache Software Foundation/Apache Allurav5
    Range: 1.0.0 to 1.7.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.