CVE-2019-16680

Опубликовано: 21 сент. 2019

Источник: debian

EPSS Низкий

Описание

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
file-roller	fixed	3.30.0-1		package

Примечания

https://bugzilla.gnome.org/show_bug.cgi?id=794337
https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2

EPSS

Процентиль: 82%

0.01789

Низкий

Связанные уязвимости

CVE-2019-16680

CVSS3: 4.3

ubuntu

около 6 лет назад

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

CVE-2019-16680

CVSS3: 4.3

redhat

почти 8 лет назад

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

CVE-2019-16680

CVSS3: 4.3

nvd

около 6 лет назад

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

SUSE-SU-2020:1088-1

suse-cvrf

больше 5 лет назад

Security update for file-roller

GHSA-63pg-53ch-332g

CVSS3: 4.3

github

больше 3 лет назад

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

EPSS

Процентиль: 82%

0.01789

Низкий