PyPi: Wsgidav

CVE-2022-41905

Safety vulnerability ID: 53380

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 11, 2022 Updated at May 04, 2024

Advisory

Wsgidav 4.1.0 includes a fix for CVE-2022-41905: Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled.
https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv

Affected package

wsgidav

Latest version: 4.3.3

Generic and extendable WebDAV server based on WSGI

Affected versions

Fixed versions

Vulnerability changelog

- 246 Add dir_browser/htdocs folder setup.cfg (for install with `pip install .`)
- 265 Fix PAM not threadsafe
- 268 Use relative paths to support reverse proxies
- Clarify how to use WsgiDAV behind a reverse proxy
- ``mount_path`` option is now validated (must be empty or start with a '/')
- Add `dir_browser.directory_slash` option to force trailing slashes (default: true).
  Also use relative paths in directory listings in order to improve behavior
  when running behind a reverse proxy.
- 183 Fix MOVE for reverse proxies (experimental)
- Resolve security advisory [CVE-2022-41905](https://github.com/mar10/wsgidav/security/advisories/GHSA-xx6g-jj35-pxjv)
  Thanks brunnjf (Jon Brunn)

Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Impact (A): NONE