{"id":"MGASA-2021-0024","summary":"Updated awstats package fixes a security vulnerability","details":"It was discovered that Awstats was vulnerable to path traversal attacks. A\nremote unauthenticated attacker could leverage that to perform arbitrary code\nexecution. The previous fix did not fully address the issue when the default\n/etc/awstats/awstats.conf is not present (CVE-2020-29600).\n","modified":"2026-02-02T01:23:35.464320Z","published":"2021-01-14T15:13:25Z","related":["CVE-2020-29600"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0024.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27920"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2020/dla-2506"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/47QZWKSRZYZFESYTLSW7A6KVKOOPL7IV/"}],"affected":[{"package":{"name":"awstats","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/awstats?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.7-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0024.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}