Bug 27769 - erlang security update CVE-2020-25623
Summary: erlang security update CVE-2020-25623
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-06 23:06 CET by Zombie Ryushu
Modified: 2020-12-06 23:11 CET (History)
0 users

See Also:
Source RPM: erlang-21.3.8.5-5.mga8.src.rpm
CVE: CVE-2020-25623
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2020-12-06 23:06:12 CET 
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
Zombie Ryushu 2020-12-06 23:06:31 CET

CVE: (none) => CVE-2020-25623

Comment 1 David Walser 2020-12-06 23:11:51 CET 
Issue introduced 22.3.1:
https://www.erlang.org/news

Status: NEW => RESOLVED
Resolution: (none) => INVALID
Note You need to log in before you can comment on or make changes to this bug.