Описание
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| wlc | unfixed | package | ||
| wlc | no-dsa | trixie | package | |
| wlc | no-dsa | bookworm | package | |
| wlc | no-dsa | bullseye | package |
Примечания
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg
https://github.com/WeblateOrg/wlc/pull/1128
Fixed by: https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f (1.17.2)
Связанные уязвимости
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command