VDB
KO

PYSEC-2026-745

Roundup Directory traversal vulnerability

Details

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via `..` (dot dot) sequences in an `@@` command in an HTTP GET request.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / roundup
Introduced in: 0 Fixed in: 0.7.3
Fix pip install --upgrade 'roundup>=0.7.3'

References