Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious ‘fzsftp’ binary in the user’s home directory.
[
{
"product": "FileZilla",
"vendor": "FileZilla",
"versions": [
{
"status": "affected",
"version": "3.41.0-rc1"
}
]
}
]
lists.debian.org/debian-lts-announce/2022/05/msg00037.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7WUJWTJA55ILACKLTJFSQUYEBHVYENL/
security.gentoo.org/glsa/202007-51
svn.filezilla-project.org/filezilla?view=revision&revision=9112
www.tenable.com/security/research/tra-2019-14