Vulnerability Description
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mycodo Project | Mycodo | < 8.12.7 |
Related Weaknesses (CWE)
References
- https://github.com/kizniche/Mycodo/commit/23ac5dd422029c2b6ae1701a3599b6d41b66a6PatchThird Party Advisory
- https://github.com/kizniche/Mycodo/issues/1105Issue TrackingThird Party Advisory
- https://github.com/kizniche/Mycodo/releases/tag/v8.12.7Release NotesThird Party Advisory
- https://github.com/kizniche/Mycodo/security/advisories/GHSA-252r-94ph-m229PatchThird Party Advisory
- https://github.com/kizniche/Mycodo/commit/23ac5dd422029c2b6ae1701a3599b6d41b66a6PatchThird Party Advisory
- https://github.com/kizniche/Mycodo/issues/1105Issue TrackingThird Party Advisory
- https://github.com/kizniche/Mycodo/releases/tag/v8.12.7Release NotesThird Party Advisory
- https://github.com/kizniche/Mycodo/security/advisories/GHSA-252r-94ph-m229PatchThird Party Advisory
FAQ
What is CVE-2021-41185?
CVE-2021-41185 is a vulnerability with a CVSS score of 8.8 (HIGH). Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has...
How severe is CVE-2021-41185?
CVE-2021-41185 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41185?
Check the references section above for vendor advisories and patch information. Affected products include: Mycodo Project Mycodo.