Search for packages
| purl | pkg:deb/debian/lighttpd@1.4.52-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-uk6q-31q8-qqf9 | There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests. |
CVE-2018-25103
|
| VCID-wfbv-rpt2-9bcs | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. |
CVE-2018-19052
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T13:23:09.926017+00:00 | Debian Importer | Fixing | VCID-uk6q-31q8-qqf9 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:49:16.907837+00:00 | Debian Importer | Fixing | VCID-wfbv-rpt2-9bcs | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T09:13:50.521520+00:00 | Debian Importer | Fixing | VCID-uk6q-31q8-qqf9 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:19:31.430236+00:00 | Debian Importer | Fixing | VCID-wfbv-rpt2-9bcs | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:30:19.203522+00:00 | Debian Importer | Fixing | VCID-uk6q-31q8-qqf9 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:30:19.158774+00:00 | Debian Importer | Fixing | VCID-wfbv-rpt2-9bcs | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |