Candidate: CVE-2021-40978
PublicDate: 2021-10-07 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40978
 https://github.com/nisdn/CVE-2021-40978
 https://github.com/mkdocs/mkdocs
 https://github.com/mkdocs/mkdocs/pull/2604
 https://github.com/mkdocs/mkdocs/pull/2604/commits/cddc453c9d49298e60e7d56fb71130c151cbcbe5
Description:
 ** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory
 traversal using the port 8000, enabling remote exploitation to obtain
 :sensitive information. NOTE: the vendor has disputed this as described in
 https://github.com/mkdocs/mkdocs/issues/2601.] and
 https://github.com/nisdn/CVE-2021-40978/issues/1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_python-mkdocs:
upstream_python-mkdocs: needs-triage
trusty_python-mkdocs: ignored (out of standard support)
trusty/esm_python-mkdocs: DNE
xenial_python-mkdocs: ignored (out of standard support)
bionic_python-mkdocs: not-affected (code not present)
focal_python-mkdocs: not-affected (code not present)
hirsute_python-mkdocs: not-affected (code not present)
impish_python-mkdocs: not-affected (code not present)
jammy_python-mkdocs: not-affected (code not present)
devel_python-mkdocs: not-affected (code not present)