CVE-2008-4129

NONECVSS 0.0

0.0

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

🔗 References (20)

cve@mitrehttp://gallery.menalto.com/gallery_1.5.9_released
cve@mitrehttp://gallery.menalto.com/gallery_2.2.6_released
cve@mitrehttp://secunia.com/advisories/31912
cve@mitrehttp://secunia.com/advisories/32662
cve@mitrehttp://secunia.com/advisories/33144
cve@mitrehttp://security.gentoo.org/glsa/glsa-200811-02.xml
cve@mitrehttp://www.securityfocus.com/bid/31231
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/45228
cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
cve@mitrehttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html
af854a3a-2127-422b-91ae-364da2661108http://gallery.menalto.com/gallery_1.5.9_released
af854a3a-2127-422b-91ae-364da2661108http://gallery.menalto.com/gallery_2.2.6_released
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31912
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32662
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33144

Is Your Infrastructure Affected by CVE-2008-4129?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-4129

📅 Published

🔄 Last Modified

🔗 References (20)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-4129?