Hi Team,
I am the security researcher who reported the path traversal vulnerability in mssql-python.
Report Details:
- Submitted to MSRC on April 20, 2026 (VULN-183589, Case 113816)
- CWE: CWE-22 (Path Traversal)
- CVSS v3.1: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
Vulnerability:
The setup_logging(log_file_path=...) function only performed an extension check and was vulnerable to directory traversal, allowing arbitrary file writes.
Fix:
The issue is now resolved.
Request:
I kindly request the maintainers to:
- Create a GitHub Security Advisory for this vulnerability.
- Request a CVE-ID from MITRE.
Assigning a CVE will help with proper tracking by vulnerability scanners, Linux distributions, and the broader security community.
Thank you for your time and for merging the fix quickly.
Best regards,
Gouri Sankar A
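The bug class described in the report above, as an added illustration (not mssql-python's code and not its actual fix): an extension-only check beside a check that also confines the resolved path to a log directory. The names `extension_only_check`, `resolve_log_path`, `classify`, the extension allow-list and the sample paths are all hypothetical.

```python
import os
import tempfile

ALLOWED_EXTENSIONS = {".log", ".txt"}  # assumed allow-list, not taken from the project


def extension_only_check(log_file_path: str) -> bool:
    """The weak pattern the report describes: only the suffix is validated."""
    return os.path.splitext(log_file_path)[1].lower() in ALLOWED_EXTENSIONS


def resolve_log_path(log_file_path: str, base_dir: str) -> str:
    """Return an absolute path inside base_dir, or raise ValueError."""
    if os.path.splitext(log_file_path)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("unsupported log file extension")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks before comparison;
    # an absolute input replaces base in the join and is rejected below.
    candidate = os.path.realpath(os.path.join(base, log_file_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("log path escapes the log directory")
    return candidate


def classify(paths, base_dir):
    """Map each path to (passes extension-only check, accepted by hardened check)."""
    results = {}
    for p in paths:
        try:
            resolve_log_path(p, base_dir)
            accepted = True
        except ValueError:
            accepted = False
        results[p] = (extension_only_check(p), accepted)
    return results


# Constructed sample inputs for illustration only.
SAMPLES = ["app.log", "sub/app.log", "../outside.log",
           "/tmp/elsewhere/abs.log", "app.exe"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for path, (ext_ok, accepted) in classify(SAMPLES, d).items():
            print(f"{path!r}: extension_ok={ext_ok} accepted={accepted}")
```

The rows where the first value is true and the second is false are the inputs an extension-only check lets through even though they resolve outside the intended directory.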