Описание
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 259 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| mantic | ignored | end of life, was needs-triage |
Показывать по
10
EPSS
Процентиль: 88%
0.04082
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
почти 2 года назад
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
CVSS3: 7.5
debian
почти 2 года назад
diffoscope before 256 allows directory traversal via an embedded filen ...
EPSS
Процентиль: 88%
0.04082
Низкий
7.5 High
CVSS3