GHSA-3jhm-87m6-x959

Published: 25 Jun 2022
Source: github
Github: Reviewed

Description

Path traversal mitigation bypass in OctoRPKI

Impact

The existing URI path filters in OctoRPKI (versions < 1.4.3), intended to mitigate a path traversal vulnerability, could be bypassed by an attacker. If a malicious TAL file was parsed, it was possible to write files outside the base cache folder.

Specific Go Packages Affected

github.com/cloudflare/cfrpki/cmd/octorpki

Patches

The issue was fixed in version 1.4.3.

References

CVE-2021-3907

Packages

Name: github.com/cloudflare/cfrpki (go)
Affected versions: < 1.4.3
Fixed version: 1.4.3

Weaknesses

CWE-22
