[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2014-4650":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":65,"duplicate_of":9,"upstream":66,"downstream":67,"duplicates":114,"related":115,"reserved_at":9,"published_at":133,"modified_at":134,"state":135,"summary":136,"references_raw":144,"kevs":164,"epss":165,"epss_history":168,"metrics":428,"affected":437},"CVE-2014-4650","The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41,50],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_04EDB5630C31E2CA","Exploit Reference (bugs.python.org)","reference","http://bugs.python.org/issue21766","unknown",0.2,false,[],{"_key":51,"name":52,"source":53,"url":54,"maturity":55,"reliability_score":56,"verified":57,"type":9,"platforms":58,"requires_auth":9,"exploitdb":60,"metasploit":9},"33894","Python CGIHTTPServer - Encoded Directory Traversal","exploit-database","https://www.exploit-db.com/exploits/33894","poc",0.8,true,[59],"multiple",{"verified":57,"type":61,"platform":59,"file":62,"codes":63},"webapps","exploits/multiple/webapps/33894.txt",[7,64],"OSVDB-108369",[],[],[68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112],{"_key":69},"SUSE-SU-2020:0234-1",{"_key":71},"RHSA-2015:1330",{"_key":73},"OPENSUSE-SU-2024:11202-1",{"_key":75},"SUSE-SU-2015:1344-1",{"_key":77},"SUSE-SU-2020:0114-1",{"_key":79},"OPENSUSE-SU-2020:0086-1",{"_key":81},"OPENSUSE-SU-2024:10100-1",{"_key":83},"OPENSUSE-SU-2024:10536-1",{"_key":85},"OPENSUSE-SU-2024:11283-1",{"_key":87},"OPENSUSE-SU-2024:11284-1",{"_key":89},"OPENSUSE-SU-2024:11285-1",{"_key":91},"OPENSUSE-SU-2024:11286-1",{"_key":93},"OPENSUSE-SU-2024:12089-1",{"_key":95},"OPENSUSE-SU-2024:12910-1",{"_key":97},"OPENSUSE-SU-2024:14109-1",{"_key":99},"OPENSUSE-SU-2024:14434-1",{"_key":101},"OPENSUSE-SU-2025:15713-1",{"_key":103},"MGASA-2014-0285",{"_key":105},"UBUNTU-CVE-2014-4650",{"_key":107},"USN-2653-1",{"_key":109},"DEBIAN-CVE-2014-4650",{"_key":111},"RHSA-2015:1064",{"_key":113},"RHSA-2015:2101",[],[116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132],{"_key":69},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":103},"2020-02-20T16:01:22.000Z","2024-08-06T11:20:26.719Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":137,"epss_score":138,"severity":139,"severity_score":140,"severity_version":141,"severity_source":142,"severity_vector":143,"severity_status":135},"low",0.07232,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[145,153,159],{"url":146,"sources":147,"tags":149},"http://openwall.com/lists/oss-security/2014/06/26/3",[148,142],"cve.org",[150,151,152],"X Refsource MISC","Mailing List","Third Party Advisory",{"url":45,"sources":154,"tags":155},[148,142],[150,156,157,158],"Exploit","Patch","Vendor Advisory",{"url":160,"sources":161,"tags":162},"https://access.redhat.com/security/cve/cve-2014-4650",[148,142],[158,163,152],"X Refsource REDHAT",[],{"date":166,"score":138,"percentile":167},"2026-06-04",0.91761,[169,173,175,178,181,183,186,188,191,194,197,200,203,206,209,213,216,219,222,225,228,231,233,236,238,241,244,248,251,254,257,260,263,266,269,271,274,277,280,283,285,289,292,295,298,302,304,306,309,311,314,317,320,323,327,330,333,335,338,341,344,347,350,353,356,359,362,365,368,371,373,376,379,382,385,387,390,392,394,396,399,402,405,408,411,414,417,419,422,425],{"date":170,"score":171,"percentile":172},"2025-11-04",0.11892,0.93435,{"date":174,"score":171,"percentile":172},"2025-11-05",{"date":176,"score":171,"percentile":177},"2025-11-06",0.93436,{"date":179,"score":171,"percentile":180},"2025-11-07",0.9344,{"date":182,"score":171,"percentile":180},"2025-11-08",{"date":184,"score":171,"percentile":185},"2025-11-09",0.93438,{"date":187,"score":171,"percentile":185},"2025-11-10",{"date":189,"score":171,"percentile":190},"2025-11-11",0.93441,{"date":192,"score":171,"percentile":193},"2025-11-12",0.93447,{"date":195,"score":171,"percentile":196},"2025-11-13",0.93449,{"date":198,"score":171,"percentile":199},"2025-11-14",0.93452,{"date":201,"score":171,"percentile":202},"2025-11-15",0.93446,{"date":204,"score":171,"percentile":205},"2025-11-16",0.9345,{"date":207,"score":171,"percentile":208},"2025-11-17",0.93448,{"date":210,"score":211,"percentile":212},"2025-11-18",0.08153,0.91305,{"date":214,"score":211,"percentile":215},"2025-11-19",0.91308,{"date":217,"score":211,"percentile":218},"2025-11-20",0.91314,{"date":220,"score":211,"percentile":221},"2025-11-21",0.91822,{"date":223,"score":211,"percentile":224},"2025-11-22",0.91821,{"date":226,"score":211,"percentile":227},"2025-11-23",0.91827,{"date":229,"score":211,"percentile":230},"2025-11-24",0.91828,{"date":232,"score":211,"percentile":227},"2025-11-25",{"date":234,"score":211,"percentile":235},"2025-11-26",0.91829,{"date":237,"score":211,"percentile":227},"2025-11-27",{"date":239,"score":211,"percentile":240},"2025-11-28",0.91818,{"date":242,"score":211,"percentile":243},"2025-11-29",0.91844,{"date":245,"score":246,"percentile":247},"2025-11-30",0.07954,0.91725,{"date":249,"score":246,"percentile":250},"2025-12-01",0.91769,{"date":252,"score":246,"percentile":253},"2025-12-02",0.91773,{"date":255,"score":246,"percentile":256},"2025-12-03",0.91774,{"date":258,"score":246,"percentile":259},"2025-12-04",0.91724,{"date":261,"score":246,"percentile":262},"2025-12-05",0.91727,{"date":264,"score":246,"percentile":265},"2025-12-06",0.9173,{"date":267,"score":246,"percentile":268},"2025-12-07",0.91728,{"date":270,"score":246,"percentile":262},"2025-12-08",{"date":272,"score":246,"percentile":273},"2025-12-09",0.91731,{"date":275,"score":246,"percentile":276},"2025-12-10",0.91737,{"date":278,"score":246,"percentile":279},"2025-12-11",0.91739,{"date":281,"score":246,"percentile":282},"2025-12-12",0.9174,{"date":284,"score":246,"percentile":265},"2025-12-13",{"date":286,"score":287,"percentile":288},"2025-12-14",0.06019,0.90354,{"date":290,"score":287,"percentile":291},"2025-12-15",0.90356,{"date":293,"score":287,"percentile":294},"2025-12-16",0.90353,{"date":296,"score":287,"percentile":297},"2025-12-17",0.90361,{"date":299,"score":300,"percentile":301},"2025-12-18",0.06173,0.90486,{"date":303,"score":300,"percentile":301},"2025-12-19",{"date":305,"score":300,"percentile":301},"2025-12-20",{"date":307,"score":300,"percentile":308},"2025-12-21",0.90496,{"date":310,"score":300,"percentile":308},"2025-12-22",{"date":312,"score":300,"percentile":313},"2025-12-23",0.90497,{"date":315,"score":300,"percentile":316},"2025-12-24",0.90508,{"date":318,"score":300,"percentile":319},"2025-12-25",0.90518,{"date":321,"score":300,"percentile":322},"2025-12-26",0.90515,{"date":324,"score":325,"percentile":326},"2025-12-27",0.07874,0.91753,{"date":328,"score":300,"percentile":329},"2025-12-28",0.90512,{"date":331,"score":300,"percentile":332},"2025-12-29",0.90509,{"date":334,"score":300,"percentile":322},"2025-12-30",{"date":336,"score":300,"percentile":337},"2025-12-31",0.90525,{"date":339,"score":287,"percentile":340},"2026-01-01",0.90473,{"date":342,"score":287,"percentile":343},"2026-01-02",0.90467,{"date":345,"score":287,"percentile":346},"2026-01-03",0.90466,{"date":348,"score":287,"percentile":349},"2026-01-04",0.90408,{"date":351,"score":287,"percentile":352},"2026-01-05",0.90405,{"date":354,"score":287,"percentile":355},"2026-01-06",0.90407,{"date":357,"score":287,"percentile":358},"2026-01-07",0.90411,{"date":360,"score":287,"percentile":361},"2026-01-08",0.90414,{"date":363,"score":287,"percentile":364},"2026-01-09",0.90415,{"date":366,"score":287,"percentile":367},"2026-01-10",0.90417,{"date":369,"score":287,"percentile":370},"2026-01-11",0.90409,{"date":372,"score":287,"percentile":370},"2026-01-12",{"date":374,"score":287,"percentile":375},"2026-01-13",0.90406,{"date":377,"score":287,"percentile":378},"2026-01-14",0.9042,{"date":380,"score":287,"percentile":381},"2026-01-15",0.90424,{"date":383,"score":287,"percentile":384},"2026-01-16",0.90427,{"date":386,"score":287,"percentile":381},"2026-01-17",{"date":388,"score":287,"percentile":389},"2026-01-18",0.90426,{"date":391,"score":287,"percentile":389},"2026-01-19",{"date":393,"score":287,"percentile":381},"2026-01-20",{"date":395,"score":287,"percentile":389},"2026-01-21",{"date":397,"score":287,"percentile":398},"2026-01-22",0.90429,{"date":400,"score":287,"percentile":401},"2026-01-23",0.90437,{"date":403,"score":287,"percentile":404},"2026-01-24",0.90444,{"date":406,"score":287,"percentile":407},"2026-01-25",0.90445,{"date":409,"score":287,"percentile":410},"2026-01-26",0.90447,{"date":412,"score":287,"percentile":413},"2026-01-27",0.90449,{"date":415,"score":287,"percentile":416},"2026-01-28",0.90455,{"date":418,"score":287,"percentile":416},"2026-01-29",{"date":420,"score":287,"percentile":421},"2026-01-30",0.90454,{"date":423,"score":287,"percentile":424},"2026-01-31",0.90465,{"date":426,"score":287,"percentile":427},"2026-02-01",0.90524,[429],{"source":142,"cvss_v2_0":430,"cvss_v3_0":9,"cvss_v3_1":435,"cvss_v4_0":9},{"baseScore":431,"baseSeverity":9,"vectorString":432,"impactScore":433,"exploitabilityScore":434},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":140,"baseSeverity":436,"vectorString":143,"impactScore":140,"exploitabilityScore":434},"CRITICAL",[438,461,473],{"ecosystem":9,"name":439,"vendor":439,"product":439,"cpe_part":440,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":441},"python","a",[442,449,453,457],{"version":443,"is_range":57,"range_type":444,"version_start":445,"version_start_type":446,"version_end":447,"version_end_type":448,"fixed_in":9},"gte2.7.0_lt2.7.8","cpe","2.7.0","including","2.7.8","excluding",{"version":450,"is_range":57,"range_type":444,"version_start":451,"version_start_type":446,"version_end":452,"version_end_type":448,"fixed_in":9},"gte3.2.0_lt3.2.6","3.2.0","3.2.6",{"version":454,"is_range":57,"range_type":444,"version_start":455,"version_start_type":446,"version_end":456,"version_end_type":448,"fixed_in":9},"gte3.3.0_lt3.3.6","3.3.0","3.3.6",{"version":458,"is_range":57,"range_type":444,"version_start":459,"version_start_type":446,"version_end":460,"version_end_type":448,"fixed_in":9},"gte3.4.0_lt3.4.2","3.4.0","3.4.2",{"ecosystem":9,"name":462,"vendor":463,"product":464,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":466},"enterprise linux","redhat","enterprise_linux","o",[467,469,471],{"version":468,"is_range":48,"range_type":444,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.0",{"version":470,"is_range":48,"range_type":444,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"version":472,"is_range":48,"range_type":444,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"ecosystem":9,"name":474,"vendor":463,"product":475,"cpe_part":440,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"software collections","software_collections",[477],{"version":478,"is_range":48,"range_type":444,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na"]