High severityNVD Advisory· Published Oct 9, 2019· Updated Aug 5, 2024
CVE-2019-17109
CVE-2019-17109
Description
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kojiPyPI | >= 1.14.0, < 1.14.3 | 1.14.3 |
kojiPyPI | >= 1.15.0, < 1.15.3 | 1.15.3 |
kojiPyPI | >= 1.16.0, < 1.16.3 | 1.16.3 |
kojiPyPI | >= 1.17.0, < 1.17.1 | 1.17.1 |
kojiPyPI | >= 1.18.0, < 1.18.1 | 1.18.1 |
Affected products
2- Koji/Kojidescription
Patches
Vulnerability mechanics
References
17- github.com/advisories/GHSA-7498-c9fm-g64pghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76U/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPB/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-17109ghsaADVISORY
- www.openwall.com/lists/oss-security/2019/10/09/5ghsax_refsource_MISCWEB
- docs.pagure.org/koji/CVE-2019-17109ghsaWEB
- docs.pagure.org/koji/CVE-2019-17109/mitrex_refsource_CONFIRM
- github.com/koji-project/koji/blob/d0507c4d2d2269daa984db642e3bd957dff18948/docs/source/CVEs/CVE-2019-17109.rstghsaWEB
- github.com/koji-project/koji/commit/91d6f0b607c7f5af666dfb56931f1db4e38c28a5ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/koji/PYSEC-2019-183.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BGUXMZIAQFFNNQ7PEFDAYQCXXKJR76UghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DEQYYGWLJBQQVTAC7E7XSDGVF27NPMPBghsaWEB
- pagure.io/koji/commits/masterghsax_refsource_CONFIRMWEB
- pagure.io/koji/issue/1634ghsaWEB
- pagure.io/koji/pull-request/1686ghsaWEB
News mentions
0No linked articles in our index yet.