Описание
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| koji | fixed | 1.16.0-1 | package | |
| koji | fixed | 1.10.0-1+deb9u1 | stretch | package |
Примечания
https://pagure.io/koji/issue/563
https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 8 лет назад
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
CVSS3: 7.5
nvd
больше 8 лет назад
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
