Search for packages
| purl | pkg:deb/debian/uwsgi@2.0.14%2B20161117-3%2Bdeb9u2 |
| Next non-vulnerable version | 2.0.20-2~bpo11+1 |
| Latest non-vulnerable version | 2.0.20-2~bpo11+1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cb96-v58z-aaan
Aliases: CVE-2018-7490 GHSA-h2vm-c85r-5vh5 PYSEC-2018-78 |
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. |
Affected by 2 other vulnerabilities. |
|
VCID-k8c8-d9j5-aaaf
Aliases: CVE-2018-6758 |
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cb96-v58z-aaan | uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. |
CVE-2018-7490
GHSA-h2vm-c85r-5vh5 PYSEC-2018-78 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T19:03:45.120223+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T15:49:39.328293+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:45:43.249230+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T10:18:06.823920+00:00 | Debian Oval Importer | Fixing | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-20T23:42:50.656381+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | None | 36.1.3 |
| 2025-06-20T22:26:26.665226+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | None | 36.1.3 |
| 2025-06-20T20:14:16.258519+00:00 | Debian Oval Importer | Fixing | VCID-cb96-v58z-aaan | None | 36.1.3 |
| 2025-06-08T12:00:02.403844+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T11:32:57.651302+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T08:43:01.587175+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:39:54.238485+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:05:45.373247+00:00 | Debian Oval Importer | Fixing | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T17:05:45.143164+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | None | 36.1.0 |
| 2025-06-07T15:50:41.582718+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | None | 36.1.0 |
| 2025-06-07T13:55:16.452098+00:00 | Debian Oval Importer | Fixing | VCID-cb96-v58z-aaan | None | 36.1.0 |
| 2025-04-12T17:45:19.395152+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:17:22.883084+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:14:31.819969+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:12:19.619413+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T02:34:12.428299+00:00 | Debian Oval Importer | Fixing | VCID-cb96-v58z-aaan | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T15:39:11.109417+00:00 | Debian Oval Importer | Affected by | VCID-k8c8-d9j5-aaaf | None | 36.0.0 |
| 2025-04-07T14:21:32.153294+00:00 | Debian Oval Importer | Affected by | VCID-cb96-v58z-aaan | None | 36.0.0 |
| 2025-04-07T12:30:02.454130+00:00 | Debian Oval Importer | Fixing | VCID-cb96-v58z-aaan | None | 36.0.0 |