PyPI package
wsgidav
pkg:pypi/wsgidav
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48099 | hig | — | < 4.3.4 | 4.3.4 | Jun 11, 2026 | ### Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. ### Patches The issue is fixed with version 4.3.4. ### Preconditions The practical impact depends o | |
| CVE-2022-41905 | — | >= 3.0.0a1, < 4.1.0 | 4.1.0 | Nov 11, 2022 | WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir |
- affected < 4.3.4fixed 4.3.4
### Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. ### Patches The issue is fixed with version 4.3.4. ### Preconditions The practical impact depends o
- CVE-2022-41905Nov 11, 2022affected >= 3.0.0a1, < 4.1.0fixed 4.1.0
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir