Description
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
| Release | Status | Note |
|---|---|---|
| bionic | released | 0.9.9+dfsg-1ubuntu0.1~esm1 |
| devel | released | 0.9.14+dfsg-1ubuntu1 |
| disco | released | 0.9.13+dfsg-1ubuntu0.1 |
| esm-apps/bionic | released | 0.9.9+dfsg-1ubuntu0.1~esm1 |
| esm-apps/xenial | released | 0.9.5+dfsg-0ubuntu1+esm1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 0.9.16 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
A vulnerability in the Sigil EPUB e-book editing software, caused by improper limitation of a pathname to a restricted directory, which allows an attacker to write arbitrary files to an arbitrary directory.