
We found results for “”
CVE-2024-10389
Good to know:

Date: November 4, 2024
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc
Language: Go
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version github.com/google/safearchive - v0.0.0-20241025131057-f7ce9d7b6f9c
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | HIGH |
Availability (A): | LOW |