Vulnerability Details CVE-2021-40978
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1
Exploit prediction scoring system (EPSS) score
EPSS Score 0.848
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/mkdocs/mkdocs
- https://github.com/mkdocs/mkdocs/issues/2601
- https://github.com/nisdn/CVE-2021-40978
- https://github.com/nisdn/CVE-2021-40978/issues/1
- https://github.com/mkdocs/mkdocs
- https://github.com/mkdocs/mkdocs/issues/2601
- https://github.com/nisdn/CVE-2021-40978
- https://github.com/nisdn/CVE-2021-40978/issues/1