The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. Reference: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
Created moin tracking bugs for this issue: Affects: epel-all [bug 1897193] Affects: fedora-31 [bug 1897194]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.