VYPR
Unrated severityNVD Advisory· Published Nov 7, 2018· Updated Aug 5, 2024

CVE-2018-19052

CVE-2018-19052

Description

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.