Описание
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.10.22-13 |
| bionic | not-affected | 3.10.22-13 |
| cosmic | not-affected | 3.10.22-13 |
| devel | not-affected | 3.10.22-13 |
| disco | not-affected | 3.10.22-13 |
| esm-apps/bionic | not-affected | 3.10.22-13 |
| esm-apps/xenial | not-affected | 3.10.22-13 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | released | 3.10.22-10+deb7u1build0.12.04.1 |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
Open-source ARJ archiver 3.10.22 does not properly remove leading slas ...
Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
EPSS
5.8 Medium
CVSS2