Описание
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.3.3+dfsg-2ubuntu1.2 |
| devel | not-affected | 1.4.8+dfsg-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 1.3.3+dfsg-2ubuntu1.2 |
| esm-infra/focal | released | 1.4.4+dfsg-3ubuntu0.1 |
| esm-infra/xenial | released | 1.3.1+dfsg-1~ubuntu0.16.04.1+esm3 |
| focal | released | 1.4.4+dfsg-3ubuntu0.1 |
| groovy | released | 1.4.5+dfsg-4ubuntu0.1 |
| hirsute | not-affected | 1.4.8+dfsg-1 |
| impish | not-affected | 1.4.8+dfsg-1 |
Показывать по
EPSS
2.1 Low
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
In the Zstandard command-line utility prior to v1.4.1, output files we ...
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
Уязвимость библиотеки для сжатия данных Zstandard, связанная с настройками прав доступа по умолчанию, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
2.1 Low
CVSS2
5.5 Medium
CVSS3