Description
tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.
References
- Patch
- Exploit
- Patch
- Exploit
Vulnerable configurations
Configuration 1: versions before 8.1.17 (exclusive)
cpe:2.3:a:cauldrondevelopment:cbang:*:*:*:*:*:*:*:*
EPSS: 0.00322 (percentile: 55%, Low)
CVSS3: 7.5 High
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 7.5
github
almost 3 years ago
tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.