VulnerableCode Package Details - pkg:deb/debian/uwsgi@1.2.3%2Bdfsg-5%2Bdeb7u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-cb96-v58z-aaan Aliases: CVE-2018-7490 GHSA-h2vm-c85r-5vh5 PYSEC-2018-78	uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.	2.0.7-1+deb8u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.14+20161117-3+deb9u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.18-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-k8c8-d9j5-aaaf Aliases: CVE-2018-6758	The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.	2.0.18-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cb96-v58z-aaan
Aliases:
CVE-2018-7490
GHSA-h2vm-c85r-5vh5
PYSEC-2018-78

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

2.0.7-1+deb8u2
Affected by 2 other vulnerabilities.

2.0.14+20161117-3+deb9u2
Affected by 2 other vulnerabilities.

2.0.18-1
Affected by 2 other vulnerabilities.

VCID-k8c8-d9j5-aaaf
Aliases:
CVE-2018-6758

The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

2.0.18-1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T19:03:45.105911+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T15:49:39.312242+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:45:43.243128+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T10:18:06.816406+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:08:02.308129+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-20T23:42:50.650681+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	None	36.1.3
2025-06-20T19:36:28.150366+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	None	36.1.3
2025-06-08T12:00:02.398435+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T11:32:57.645885+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T08:43:01.582386+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:39:54.233060+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:05:45.367069+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T03:57:13.889345+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T17:05:45.138465+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	None	36.1.0
2025-06-07T13:31:39.729297+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	None	36.1.0
2025-04-12T17:45:19.379861+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:17:22.868890+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T07:14:31.804973+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:12:19.605478+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T02:34:12.413255+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:25:11.539868+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T15:39:11.092877+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	None	36.0.0
2025-04-07T12:07:04.868628+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	None	36.0.0