A directory traversal flaw was found in Mojolicious [1]. Because Mojolicious did not unescape paths before processing them, a user could use it to view arbitrary files using '%2f' rather than '/' (for example: %2f..%2f). This has been corrected in upstream version 1.17 [2]. [1] https://github.com/kraih/mojo/issues/114 [2] https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
Created perl-Mojolicious tracking bugs for this issue Affects: fedora-all [bug 697230]
This was assigned the name CVE-2011-1589.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.