VulnerableCode Package Details - pkg:deb/debian/uwsgi@1.2.3%2Bdfsg-5%2Bdeb7u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-redt-eznr-43fv Aliases: CVE-2018-6758	The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.	2.0.18-1 Affected by 0 other vulnerabilities.
VCID-rrau-77nx-mybd Aliases: CVE-2018-7490 GHSA-h2vm-c85r-5vh5 PYSEC-2018-78	uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.	2.0.7-1+deb8u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.14+20161117-3+deb9u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.18-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-redt-eznr-43fv
Aliases:
CVE-2018-6758

The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

2.0.18-1
Affected by 0 other vulnerabilities.

VCID-rrau-77nx-mybd
Aliases:
CVE-2018-7490
GHSA-h2vm-c85r-5vh5
PYSEC-2018-78

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

2.0.7-1+deb8u2
Affected by 2 other vulnerabilities.

2.0.14+20161117-3+deb9u2
Affected by 2 other vulnerabilities.

2.0.18-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T17:27:05.269271+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:44:22.378988+00:00	Debian Oval Importer	Affected by	VCID-redt-eznr-43fv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:07:49.988716+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T13:59:14.386596+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-11T17:13:25.776523+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:31:12.493361+00:00	Debian Oval Importer	Affected by	VCID-redt-eznr-43fv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T13:56:24.069548+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:47:52.101256+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-08T17:02:18.971588+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:22:22.603980+00:00	Debian Oval Importer	Affected by	VCID-redt-eznr-43fv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T22:31:11.435398+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T22:23:17.303635+00:00	Debian Oval Importer	Affected by	VCID-rrau-77nx-mybd	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0