GHSA-4vhw-4rw7-jfpv

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.1

Описание

Path traversal in mozwire

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-35883
https://github.com/NilsIrl/MozWire/issues/14
https://github.com/NilsIrl/MozWire/pull/17/commits/dd0639bf2876773b66382f47285f7db701f628d9
https://github.com/NilsIrl/MozWire
https://rustsec.org/advisories/RUSTSEC-2020-0030.html

Пакеты

Наименование

mozwire

rust

Затронутые версииВерсия исправления

< 0.5.0

0.5.0

EPSS

Процентиль: 61%

0.00417

Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2020-35883

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-35883

CVSS3: 9.1

nvd

около 5 лет назад

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.

EPSS

Процентиль: 61%

0.00417

Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2020-35883

Дефекты

CWE-22