CVE-2017-8314

Опубликовано: 23 мая 2017

Источник: debian

EPSS Низкий

Описание

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

Пакет	Статус	Версия исправления	Релиз	Тип
kodi	fixed	2:17.1+dfsg1-3		package
xbmc	removed			package
xbmc	no-dsa		jessie	package

http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release
Fixed by https://github.com/xbmc/xbmc/commit/35cfe35608b15335ef21d798947fceab3f47c8d7

EPSS

Процентиль: 91%

0.0692

Низкий

CVE-2017-8314

CVSS3: 5.5

ubuntu

больше 8 лет назад

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

CVE-2017-8314

CVSS3: 5.5

nvd

больше 8 лет назад

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

GHSA-xc9h-m4wq-vhxg

CVSS3: 5.5

github

больше 3 лет назад

Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

EPSS

Процентиль: 91%

0.0692

Низкий