CVE-2020-29050

Name
CVE-2020-29050
Description
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://security-tracker.debian.org/tracker/CVE-2020-29050
MISC https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-14511/
MLIST https://lists.debian.org/debian-lts-announce/2022/01/msg00009.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:sphinxsearch:sphinx:*:*:*:*:*:*:*:* sphinx >= None <= 3.1.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
sphinx 3.15-community 2.2.11-r6 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
sphinx 3.16-community 2.2.11-r6 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
sphinx 3.17-community 2.2.11-r6 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
sphinx edge-community 2.2.11-r7 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
sphinx 3.18-community 2.2.11-r7 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
sphinx 3.19-community 2.2.11-r7 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
sphinx 3.20-community 2.2.11-r7 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable