CVE-2010-1512

2010-05-1721:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-1512

directory traversal

vulnerability

aria2

remote attack

arbitrary files

metalink file

nvd

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.8%

JSON

Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

CPENameOperatorVersion
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq1.4.0
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq1.6.0
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq0.13.0\+1
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq1.6.1
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq0.16.2
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq0.10.1
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq0.15.2
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq1.5.2
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq0.3.1
tatsuhiro_tsujikawa:aria2tatsuhiro tsujikawa aria2eq0.9.0

CPE	Name	Operator	Version
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	1.4.0
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	1.6.0
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	0.13.0\+1
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	1.6.1
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	0.16.2
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	0.10.1
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	0.15.2
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	1.5.2
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	0.3.1
tatsuhiro_tsujikawa:aria2	tatsuhiro tsujikawa aria2	eq	0.9.0