CVE-2011-1589 — libmojolicious-perl - directory traversal

Description

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

How to fix CVE-2011-1589

To remediate CVE-2011-1589, upgrade the affected package to a fixed version below.

Debian/libmojolicious-perl—upgrade to 1.16-1 or later
Debian/libmojolicious-perl—upgrade to 0.999926-1+squeeze1 or later

Is CVE-2011-1589 being exploited?

Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.16-1
from 0, < 0.999926-1+squeeze1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1589