Описание
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| flightcrew | fixed | 0.7.2+dfsg-14 | package | |
| flightcrew | fixed | 0.7.2+dfsg-13+deb10u1 | buster | package |
| flightcrew | fixed | 0.7.2+dfsg-9+deb9u1 | stretch | package |
Примечания
https://github.com/Sigil-Ebook/flightcrew/issues/52
Связанные уязвимости
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
Уязвимость EPUB-валидатора FlightCrew, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю записывать произвольные файлы