CVE-2021-32062
Summary
| CVE | CVE-2021-32062 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-05-06 13:15:00 UTC |
|---|
| Updated | 2023-11-07 03:35:00 UTC |
|---|
| Description | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 33 Update: mapserver-7.4.5-1.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| MapServer 7.6 Changelog — MapServer 7.6.2 documentation |
MISC |
mapserver.org |
|
| MapServer 7.4 Changelog — MapServer 7.6.2 documentation |
MISC |
mapserver.org |
|
| [SECURITY] Fedora 33 Update: mapserver-7.4.5-1.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: mapserver-7.6.3-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| MapServer 7.0 Changelog — MapServer 7.6.2 documentation |
MISC |
mapserver.org |
|
| MapServer 7.2 Changelog — MapServer 7.6.1 documentation |
MISC |
mapserver.org |
|
| [SECURITY] Fedora 34 Update: mapserver-7.6.3-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 184561 Debian Security Update for mapserver (CVE-2021-32062)
- 281502 Fedora Security Update for mapserver (FEDORA-2021-74dadee887)
- 281503 Fedora Security Update for mapserver (FEDORA-2021-faab70f09a)
