Published: 2 October 2020
Erlang/OTP 22.3.x before 18.104.22.168 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
Per upstream, introduced in OTP 22.3.1 and corrected in OTP 22.214.171.124. It was also introduced in OTP 23.0 and corrected in OTP 23.1.
upstream: https://github.com/erlang/otp/commit/5296ae6c4761f26600c05e447cb0bda78a93b602 (22)
upstream: https://github.com/erlang/otp/commit/5296ae6c4761f26600c05e447cb0bda78a93b602 (23)