Описание
Weblate wlc path traversal vulnerability: Unsanitized API slugs in download command
Impact
Multi-translation download could write to an arbitrary location when instructed by a crafted server.
Patches
Workarounds
Do not use wlc download with untrusted servers.
References
This issue was reported to us by wh1zee via HackerOne.
Ссылки
Пакеты
wlc
< 1.17.2
1.17.2
Связанные уязвимости
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.
wlc is a Weblate command-line client using Weblate's REST API. Prior t ...