Directory Traversal Vulnerability in reNgine by Yogesh Ojha
CVE-2021-38606

9.8CRITICAL

Key Information:

Vendor: Yogeshojha
Status: Rengine
Vendor: CVE Published:; 12 August 2021

What is CVE-2021-38606?

The vulnerability in reNgine prior to version 0.5 allows for directory traversal attacks due to reliance on predictable naming of directories. This can potentially enable unauthorized access to sensitive directories, exposing files and data that should be secured against such exploitation.

References

https://github.com/yogeshojha/rengine/commit/158367a23133...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2021
Vulnerability Reserved
Aug 12, 2021

Yogeshojha

What is CVE-2021-38606?

References

CVSS V3.1

Timeline