2.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-15101

GHSA ID

GHSA-7pmh-vrww-25xx

EPSS Score

0.39512%

CWE

CWE-674

Published

8/30/2024

Updated

8/30/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-15101

CVE-2020-15101: freewvs's nested directory structure can interrupt scan

Impact

A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users.

Patches

This has been fixed in this commit by limiting the recursion to 500 directories: https://github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143

This issue was discovered by Hanno Böck.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-15101

CVE-2020-15101:

2.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-15101

GHSA ID

GHSA-7pmh-vrww-25xx

EPSS Score

0.39512%

CWE

CWE-674

Published

8/30/2024

Updated

8/30/2024

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
freewvs	pip	>= 0, < 0.1.1	0.1.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the use of os.walk() in the main directory scanning loop without recursion depth control. Python's os.walk() uses recursion internally, and the original implementation allowed unlimited directory nesting. When scanning a directory with >1000 nested subdirectories, this would hit Python's recursion limit, crashing the scan. The commit fixed this by adding a check on root.count(os.sep) to limit recursion depth. The vulnerable code is explicitly shown in the diff as the unmodified os.walk() loop in the 'freewvs' file's main scanning logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

2.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-15101: freewvs's nested directory structure can interrupt scan

Impact

Patches

CVE-2020-15101:

2.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

2.8

2.8

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-15101: freewvs's nested directory structure can interrupt scan

Impact

Patches

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI