Your submission was sent successfully! Close

CVE-2020-29050

Published: 10 January 2022

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
sphinxsearch
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

trusty Ignored
(out of standard support)
upstream
Released (2.2.11-3)
xenial Ignored
(out of standard support)