Description
Weblate has an arbitrary file read via symbolic links
Impact
It was possible to read arbitrary files from the server file system using crafted symbolic links in the repository.
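A check an administrator can run over a repository checkout to list symbolic links that resolve outside it, the condition this advisory describes. This is an added example, not Weblate's code or its 5.15.1 fix; the function names and the sample checkout are constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(repo_root):
    """Return (link, resolved_target) pairs for symlinks that leave repo_root."""
    root = os.path.realpath(repo_root)
    findings = []
    # followlinks=False: never descend through a link while scanning.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath follows the whole chain, so link-to-link hops are covered.
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) != root:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)


def build_sample_checkout(base):
    """Constructed sample: one harmless link plus direct, chained and relative escapes."""
    repo = os.path.join(base, "repo")
    locale = os.path.join(repo, "locale")
    os.makedirs(locale)
    outside = os.path.join(base, "outside.txt")  # stands in for a server file
    with open(outside, "w") as fh:
        fh.write("not part of the repository\n")
    with open(os.path.join(locale, "en.po"), "w") as fh:
        fh.write('msgid ""\nmsgstr ""\n')
    os.symlink("en.po", os.path.join(locale, "en_US.po"))          # stays inside
    os.symlink(outside, os.path.join(locale, "cs.po"))             # absolute target
    os.symlink("cs.po", os.path.join(locale, "sk.po"))             # chained via cs.po
    os.symlink("../../outside.txt", os.path.join(locale, "de.po"))  # relative target
    return repo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for link, target in find_escaping_symlinks(build_sample_checkout(base)):
            print(f"{link} -> {target}")
```

The comparison uses fully resolved paths on both sides, so a link that only leaves the checkout after several hops is reported the same way as a direct one.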
Resources
Thanks to Jason Marcello for responsible disclosure.
Packages
Name: Weblate (pip)
Affected versions: < 5.15.1
Fixed version: 5.15.1
Related vulnerabilities
CVSS3: 7.7
nvd
about 2 months ago
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
CVSS3: 7.7
debian
about 2 months ago
Weblate is a web based localization tool. In versions prior to 5.15.1, ...