Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-33870

Опубликовано: 03 июл. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.3

Описание

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

РелизСтатусПримечание
devel

released

10.02.1~dfsg1-0ubuntu9
esm-infra/bionic

needs-triage

esm-infra/focal

not-affected

9.50~dfsg-5ubuntu4.12
esm-infra/xenial

needs-triage

focal

released

9.50~dfsg-5ubuntu4.12
jammy

released

9.55.0~dfsg1-0ubuntu5.7
mantic

released

10.01.2~dfsg1-0ubuntu2.3
noble

released

10.02.1~dfsg1-0ubuntu7.1
oracular

released

10.02.1~dfsg1-0ubuntu9
plucky

released

10.02.1~dfsg1-0ubuntu9

Показывать по

Ссылки на источники

EPSS

Процентиль: 35%
0.00136
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-33870

CVSS3: 6.8
redhat
около 1 года назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

nvd логотип

CVE-2024-33870

CVSS3: 6.3
nvd
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

debian логотип

CVE-2024-33870

CVSS3: 6.3
debian
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There i ...

github логотип

GHSA-3xr3-vrm2-6jc7

CVSS3: 6.3
github
12 месяцев назад

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

fstec логотип

BDU:2024-05063

CVSS3: 6.8
fstec
около 1 года назад

Уязвимость интерпретатора набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с ошибками в обработке относительного пути к каталогу, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 35%
0.00136
Низкий

6.3 Medium

CVSS3