VulnerableCode Package Details - pkg:deb/debian/uwsgi@2.0.7-1%2Bdeb8u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-cb96-v58z-aaan Aliases: CVE-2018-7490 GHSA-h2vm-c85r-5vh5 PYSEC-2018-78	uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.	2.0.14+20161117-3+deb9u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.18-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-k8c8-d9j5-aaaf Aliases: CVE-2018-6758	The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.	2.0.18-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cb96-v58z-aaan
Aliases:
CVE-2018-7490
GHSA-h2vm-c85r-5vh5
PYSEC-2018-78

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

2.0.14+20161117-3+deb9u2
Affected by 2 other vulnerabilities.

2.0.18-1
Affected by 2 other vulnerabilities.

VCID-k8c8-d9j5-aaaf
Aliases:
CVE-2018-6758

The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

2.0.18-1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cb96-v58z-aaan	uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.	CVE-2018-7490 GHSA-h2vm-c85r-5vh5 PYSEC-2018-78

Vulnerability

Summary

Aliases

VCID-cb96-v58z-aaan

uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.

CVE-2018-7490
GHSA-h2vm-c85r-5vh5
PYSEC-2018-78

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T19:03:45.118319+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T15:49:39.325472+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:45:43.247356+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T10:18:06.821406+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:08:02.312990+00:00	Debian Oval Importer	Fixing	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-20T23:42:50.654506+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	None	36.1.3
2025-06-20T20:14:16.256300+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	None	36.1.3
2025-06-20T19:36:28.153624+00:00	Debian Oval Importer	Fixing	VCID-cb96-v58z-aaan	None	36.1.3
2025-06-08T12:00:02.402026+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T11:32:57.649539+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T08:43:01.585673+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:39:54.236707+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:05:45.371410+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T03:57:13.893361+00:00	Debian Oval Importer	Fixing	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T17:05:45.141668+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	None	36.1.0
2025-06-07T13:55:16.450493+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	None	36.1.0
2025-06-07T13:31:39.732517+00:00	Debian Oval Importer	Fixing	VCID-cb96-v58z-aaan	None	36.1.0
2025-04-12T17:45:19.390022+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:17:22.878019+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T07:14:31.814994+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:12:19.614253+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T02:34:12.423335+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:25:11.549352+00:00	Debian Oval Importer	Fixing	VCID-cb96-v58z-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T15:39:11.103924+00:00	Debian Oval Importer	Affected by	VCID-k8c8-d9j5-aaaf	None	36.0.0
2025-04-07T12:30:02.447557+00:00	Debian Oval Importer	Affected by	VCID-cb96-v58z-aaan	None	36.0.0
2025-04-07T12:07:04.881589+00:00	Debian Oval Importer	Fixing	VCID-cb96-v58z-aaan	None	36.0.0