What is CVE-2021-40978?

CVE-2021-40978 is a vulnerability in N/a. Published 2021-10-07.

Is CVE-2021-40978 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-40978

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/…

EPSS: 0.797 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

nisdn/CVE-2021-40978
0day404/vulnerability-poc
20142995/Goby
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
HimmelAward/Goby_
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes

References

github.com/mkdocs/mkdocs (x_refsource_MISC)
github.com/nisdn/CVE-2021-40978 (x_refsource_MISC)
github.com/mkdocs/mkdocs/issues/2601 (x_refsource_MISC)
github.com/nisdn/CVE-2021-40978/issues/1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-40978?: CVE-2021-40978 is a vulnerability in N/a. Published 2021-10-07.
Is CVE-2021-40978 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.