Описание
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 7.58.0-2ubuntu3.24 |
| devel | not-affected | 7.88.1-6ubuntu2 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | 7.58.0-2ubuntu3.24 |
| esm-infra/focal | not-affected | 7.68.0-1ubuntu2.18 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 7.68.0-1ubuntu2.18 |
| jammy | released | 7.81.0-1ubuntu1.10 |
| kinetic | released | 7.85.0-1ubuntu0.5 |
| lunar | released | 7.88.1-6ubuntu2 |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ...
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
EPSS
8.8 High
CVSS3