6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-10917

GHSA ID

GHSA-574p-6fw4-4hw8

EPSS Score

0.50332%

CWE

CWE-22

Published

5/13/2022

Updated

10/9/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-10917

CVE-2018-10917:
Withdrawn Advisory: Pulp Improper Path Parsing

Withdrawn Advisory

This advisory has been withdrawn because the package pulpcore deals with pulp 3 only. This advisory concerns pulp 2, which is not in a supported ecosystem.

Original Description

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.

(GitHub Advisory)

6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-10917

GHSA ID

GHSA-574p-6fw4-4hw8

EPSS Score

0.50332%

CWE

CWE-22

Published

5/13/2022

Updated

10/9/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pulpcore	pip	<= 2.16

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

## Wit**r*wn **visory T*is **visory **s ***n wit**r*wn ****us* t** p**k*** [pulp*or*](*ttps://pypi.or*/proj**t/pulp*or*/) ***ls wit* pulp * only. T*is **visory *on**rns [pulp *](*ttps://*it*u*.*om/pulp/pulp), w*i** is not in * [support** **osyst*m](*

Reasoning

No *n*lysis *v*il**l*

6.5

Basic Information

Concerned about an active attack path?

CVE-2018-10917: Withdrawn Advisory: Pulp Improper Path Parsing

Withdrawn Advisory

Original Description

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-10917:
Withdrawn Advisory: Pulp Improper Path Parsing

Vulnerability Intelligence
Miggo AI