Civetwebproject Civetweb
By the Year
In 2024 there have been 0 vulnerabilities in Civetwebproject Civetweb . Civetweb did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 1 | 9.80 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 7.10 |
It may take a day or so for new Civetweb vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Civetwebproject Civetweb Security Vulnerabilities
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism
CVE-2020-27304
9.8 - Critical
- October 21, 2021
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal
Directory traversal
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10
CVE-2018-12684
7.1 - High
- June 22, 2018
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Civetwebproject Civetweb or by Civetwebproject? Click the Watch button to subscribe.