CVE-2025-49466

Опубликовано: 05 июн. 2025

Источник: debian

Описание

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,

Пакет	Статус	Версия исправления	Релиз	Тип
aerc	fixed	0.20.0-2		package
aerc	not-affected		bookworm	package

Fixed by: https://git.sr.ht/~rjarry/aerc/commit/93bec0de8ed5ab3d6b1f01026fe2ef20fa154329
Regression fix: https://git.sr.ht/~rjarry/aerc/commit/2bbe75fe0bc87ab4c1e16c5a18c6200224391629

CVE-2025-49466

CVSS3: 5.8

ubuntu

14 дней назад

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,

CVE-2025-49466

CVSS3: 5.8

nvd

14 дней назад

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,

GHSA-2f2j-p95m-cpgc

CVSS3: 5.8

github

14 дней назад

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,