WS-2017-3734 | Mend Vulnerability Database

Vulnerability DatabaseWS-2017-3734

WS-2017-3734

Published:May 14, 2026

Updated:May 14, 2026

Affected versions of the package are vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server

Affected Packages

beakerx (CONDA):

Affected version(s) >=0.3.0.dev0 <=1.4.1

Fix Suggestion:

Update to version no_fix

mzmine (CONDA):

Affected version(s) >=3.6.0 <=3.9.0

Fix Suggestion:

Update to version no_fix

pepgenome (CONDA):

Affected version(s) =1.1.beta

Fix Suggestion:

Update to version no_fix

r-awr (CONDA):

Affected version(s) =1.11.189 <1.11.189_1

Fix Suggestion:

Update to version 1.11.189_1

womtool (CONDA):

Affected version(s) >=31 <50

Fix Suggestion:

Update to version 50

womtool (CONDA):

Affected version(s) =52 <53

Fix Suggestion:

Update to version 53

sirius-csifingerid (CONDA):

Affected version(s) =4.0.1 <4.9.3

Fix Suggestion:

Update to version 4.9.3

peptide-shaker (CONDA):

Affected version(s) >=1.16.29 <2.0.33

Fix Suggestion:

Update to version 2.0.33

cromwell (CONDA):

Affected version(s) >=0.30 <40

Fix Suggestion:

Update to version 40

eoulsan (CONDA):

Affected version(s) >=2.0_beta4 <2.3

Fix Suggestion:

Update to version 2.3

cromwell (CONDA):

Affected version(s) >=0.25 <0.29

Fix Suggestion:

Update to version 0.29

peptide-shaker (CONDA):

Affected version(s) >=1.1.3 <1.16.26

Fix Suggestion:

Update to version 1.16.26

metanovo (CONDA):

Affected version(s) =1.9.4

Fix Suggestion:

Update to version no_fix

mpa-portable (CONDA):

Affected version(s) =1.4.1 <1.9.0

Fix Suggestion:

Update to version 1.9.0

nextflow (CONDA):

Affected version(s) >=0.27.0 <0.30.0

Fix Suggestion:

Update to version 0.30.0

eoulsan (CONDA):

Affected version(s) >=2.4 <=2.5

Fix Suggestion:

Update to version no_fix

owlready2 (CONDA):

Affected version(s) >=0.21 <0.40

Fix Suggestion:

Update to version 0.40

fgbio (CONDA):

Affected version(s) >=0.1.2a <0.2.0

Fix Suggestion:

Update to version 0.2.0

fgbio (CONDA):

Affected version(s) >=0.2.1a <0.4.0

Fix Suggestion:

Update to version 0.4.0

pyspark (CONDA):

Affected version(s) >=2.1.0 <2.3.0

Fix Suggestion:

Update to version 2.3.0

gsea (CONDA):

Affected version(s) =4.3.2

Fix Suggestion:

Update to version no_fix

logstash-binary (NUGET):

Affected version(s) >=7.8.0 <=7.8.1

Fix Suggestion:

Update to version no_fix

jetbrains.rider.frontend4 (NUGET):

Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208

Fix Suggestion:

Update to version 202.0.20200820.182208

lvdd.ecproduct.service.api.clientsdk-1.0.0 (NUGET):

Affected version(s) =1.0.0

Fix Suggestion:

Update to version no_fix

eslider/solr (PHP):

Affected version(s) >=4.10.4 <=4.10.5

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ul

Fix Suggestion:

Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ul

vufind/vufind (PHP):

Affected version(s) >=dev-release-3.0 <v3.1

Fix Suggestion:

Update to version v3.1

wispiring/qcloudsms (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretry

Fix Suggestion:

Update to version dev-legacy/mink-autoretry

titan-framework/sample-api (PHP):

Affected version(s) >=1.16.09 <=1.16.09-p3

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) =dev-feature/foundation5 <dev-release-5.0

Fix Suggestion:

Update to version dev-release-5.0

titan-framework/sample-travel (PHP):

Affected version(s) >=1.16.09 <=1.16.09-p5

Fix Suggestion:

Update to version no_fix

owlready2 (PYTHON):

Affected version(s) >=0.21 <0.40

Fix Suggestion:

Update to version 0.40

beakerx (PYTHON):

Affected version(s) >=0.3.0.dev0 <=1.4.1

Fix Suggestion:

Update to version no_fix

Related Resources (2)

https://github.com/apache/httpcomponents-client/commit/0554271750599756d4946c0d7ba43d04b1a7b220

https://issues.apache.org/jira/browse/HTTPCLIENT-1803

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE