RSS   Vulnerabilities for 'Go rpm utils'   RSS

2020-06-24
 
CVE-2020-7667

CWE-20
 

 
The CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released.

 

 >>> Vendor: SAS 12 Products
Sas base
Sas integration technologies
BASE
Integration technologies
Base sas
Visual analytics
Web infrastructure platform
Xml mapper
Go rpm utils
Environment manager
Sas\/intrnet
Logon manager


Copyright 2024, cxsecurity.com

 

Back to Top