High severity7.5NVD Advisory· Published Feb 26, 2018· Updated Jun 17, 2026
CVE-2018-7490
CVE-2018-7490
Description
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
uWSGIPyPI | < 2.0.17 | 2.0.17 |
Affected products
1Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-h2vm-c85r-5vh5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-7490ghsaADVISORY
- uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.htmlnvdVendor AdvisoryWEB
- www.debian.org/security/2018/dsa-4142nvdThird Party AdvisoryWEB
- www.exploit-db.com/exploits/44223/nvdThird Party AdvisoryVDB Entry
- github.com/pypa/advisory-database/tree/main/vulns/uwsgi/PYSEC-2018-78.yamlghsaWEB
- github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8aghsaWEB
- www.exploit-db.com/exploits/44223ghsaWEB
News mentions
0No linked articles in our index yet.