Skip to content

O'Reilly Website Professional 2.5.4 and earlier allows...

High severity Unreviewed Published Apr 30, 2022 to the GitHub Advisory Database • Updated Jan 30, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.

References

Published by the National Vulnerability Database Aug 22, 2001
Published to the GitHub Advisory Database Apr 30, 2022
Last updated Jan 30, 2023

Severity

High

EPSS score

3.091%
(91st percentile)

Weaknesses

No CWEs

CVE ID

CVE-2001-0626

GHSA ID

GHSA-3xc3-m57q-hj7g

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.