WS-2017-3734 | Mend Vulnerability Database

Vulnerability DatabaseWS-2017-3734

WS-2017-3734

Published:May 19, 2026

Updated:May 19, 2026

Affected versions of the package are vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server

Affected Packages

sirius-csifingerid (CONDA):

Affected version(s) =4.0.1 <4.9.3

Fix Suggestion:

Update to version 4.9.3

eoulsan (CONDA):

Affected version(s) >=2.4 <=2.5

Fix Suggestion:

Update to version no_fix

peptide-shaker (CONDA):

Affected version(s) >=1.16.29 <2.0.33

Fix Suggestion:

Update to version 2.0.33

fgbio (CONDA):

Affected version(s) >=0.1.2a <0.2.0

Fix Suggestion:

Update to version 0.2.0

fgbio (CONDA):

Affected version(s) >=0.2.1a <0.4.0

Fix Suggestion:

Update to version 0.4.0

nextflow (CONDA):

Affected version(s) >=0.27.0 <0.30.0

Fix Suggestion:

Update to version 0.30.0

beakerx (CONDA):

Affected version(s) >=0.3.0.dev0 <=1.4.1

Fix Suggestion:

Update to version no_fix

gsea (CONDA):

Affected version(s) =4.3.2

Fix Suggestion:

Update to version no_fix

pepgenome (CONDA):

Affected version(s) =1.1.beta

Fix Suggestion:

Update to version no_fix

womtool (CONDA):

Affected version(s) =52 <53

Fix Suggestion:

Update to version 53

mpa-portable (CONDA):

Affected version(s) =1.4.1 <1.9.0

Fix Suggestion:

Update to version 1.9.0

owlready2 (CONDA):

Affected version(s) >=0.21 <0.40

Fix Suggestion:

Update to version 0.40

metanovo (CONDA):

Affected version(s) =1.9.4

Fix Suggestion:

Update to version no_fix

r-awr (CONDA):

Affected version(s) =1.11.189 <1.11.189_1

Fix Suggestion:

Update to version 1.11.189_1

pyspark (CONDA):

Affected version(s) >=2.1.0 <2.3.0

Fix Suggestion:

Update to version 2.3.0

eoulsan (CONDA):

Affected version(s) >=2.0_beta4 <2.3

Fix Suggestion:

Update to version 2.3

cromwell (CONDA):

Affected version(s) >=0.30 <40

Fix Suggestion:

Update to version 40

womtool (CONDA):

Affected version(s) >=31 <50

Fix Suggestion:

Update to version 50

mzmine (CONDA):

Affected version(s) >=3.6.0 <=3.9.0

Fix Suggestion:

Update to version no_fix

cromwell (CONDA):

Affected version(s) >=0.25 <0.29

Fix Suggestion:

Update to version 0.29

peptide-shaker (CONDA):

Affected version(s) >=1.1.3 <1.16.26

Fix Suggestion:

Update to version 1.16.26

lvdd.ecproduct.service.api.clientsdk-1.0.0 (NUGET):

Affected version(s) =1.0.0

Fix Suggestion:

Update to version no_fix

jetbrains.rider.frontend4 (NUGET):

Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208

Fix Suggestion:

Update to version 202.0.20200820.182208

logstash-binary (NUGET):

Affected version(s) >=7.8.0 <=7.8.1

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) >=dev-release-3.0 <v3.1

Fix Suggestion:

Update to version v3.1

wispiring/qcloudsms (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

titan-framework/sample-travel (PHP):

Affected version(s) >=1.16.09 <=1.16.09-p5

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ul

Fix Suggestion:

Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ul

titan-framework/sample-api (PHP):

Affected version(s) >=1.16.09 <=1.16.09-p3

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretry

Fix Suggestion:

Update to version dev-legacy/mink-autoretry

vufind/vufind (PHP):

Affected version(s) =dev-feature/foundation5 <dev-release-5.0

Fix Suggestion:

Update to version dev-release-5.0

eslider/solr (PHP):

Affected version(s) >=4.10.4 <=4.10.5

Fix Suggestion:

Update to version no_fix

beakerx (PYTHON):

Affected version(s) >=0.3.0.dev0 <=1.4.1

Fix Suggestion:

Update to version no_fix

owlready2 (PYTHON):

Affected version(s) >=0.21 <0.40

Fix Suggestion:

Update to version 0.40

Related Resources (2)

https://issues.apache.org/jira/browse/HTTPCLIENT-1803

https://github.com/apache/httpcomponents-client/commit/0554271750599756d4946c0d7ba43d04b1a7b220

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE