CVE-2013-7300

cantata < 1.2.2 - Absolute Path Traversal via Internal HTTP Server

Description

Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.

References (4)

Mailing List
http://seclists.org/oss-sec/2014/q1/124
Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90580
Mailing List
http://seclists.org/oss-sec/2014/q1/121

Scores

EPSS 0.0154
EPSS Percentile 71.8%

Details

CWE CWE-22
Status published
Products (20)
craig_drummond/cantata 0.7.0
craig_drummond/cantata 0.7.1
craig_drummond/cantata 0.8.0
craig_drummond/cantata 0.8.1
craig_drummond/cantata 0.8.2
craig_drummond/cantata 0.8.3
craig_drummond/cantata 0.8.3.1
craig_drummond/cantata 0.9.0
craig_drummond/cantata 0.9.1
craig_drummond/cantata 0.9.2
... and 10 more
Published Feb 02, 2014
Tracked Since Feb 18, 2026