{"id":"PYSEC-2021-878","details":"The mkdocs 1.2.2 built-in dev-server allows directory traversal via port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601 and https://github.com/nisdn/CVE-2021-40978/issues/1","aliases":["CVE-2021-40978","GHSA-qh9q-34h6-hcv9"],"modified":"2024-01-17T10:53:34.840029Z","published":"2021-10-07T14:15:00Z","references":[{"type":"WEB","url":"https://github.com/nisdn/CVE-2021-40978"},{"type":"WEB","url":"https://github.com/mkdocs/mkdocs"},{"type":"REPORT","url":"https://github.com/nisdn/CVE-2021-40978/issues/1"},{"type":"REPORT","url":"https://github.com/mkdocs/mkdocs/issues/2601"}],"affected":[{"package":{"name":"mkdocs","ecosystem":"PyPI","purl":"pkg:pypi/mkdocs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.2.2"},{"fixed":"1.2.3"}]}],"versions":["1.2.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mkdocs/PYSEC-2021-878.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}