GHSA-28xp-g7f6-7mhf

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Syncthing vulnerable to symlink traversal and arbitrary file overwrite

Syncthing version 0.14.33 and older erronously versions symlinks when they are deleted. If a directory is then created with the same name, a file created in that directory, and the file deleted, it is moved into the symlink target. This can lead to symlink traversal resulting in arbitrary file overwrite.

Ссылки

Пакеты

Наименование

github.com/syncthing/syncthing

Затронутые версииВерсия исправления

<= 0.14.33

Отсутствует

EPSS

Процентиль: 50%

0.00269

Низкий

7.5 High

CVSS3

CVE ID

CVE-2017-1000420

Дефекты

CWE-59

Связанные уязвимости

CVE-2017-1000420

CVSS3: 7.5

ubuntu

почти 8 лет назад

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite

CVE-2017-1000420

CVSS3: 7.5

nvd

почти 8 лет назад

Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite

CVE-2017-1000420

CVSS3: 7.5

debian

почти 8 лет назад

Syncthing version 0.14.33 and older is vulnerable to symlink traversal ...

openSUSE-SU-2018:0109-1

suse-cvrf

почти 8 лет назад

Security update for syncthing

EPSS

Процентиль: 50%

0.00269

Низкий

7.5 High

CVSS3

CVE ID

CVE-2017-1000420

Дефекты

CWE-59