Описание
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Ссылки
- ExploitIssue TrackingMailing ListThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Vendor Advisory
- ExploitIssue TrackingMailing ListThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
In the Zstandard command-line utility prior to v1.4.1, output files we ...
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Уязвимость библиотеки для сжатия данных Zstandard, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2