CloudflareCVELIST:CVE-2021-3907CVE-2021-3907 Arbitrary filepath traversal via URI injection
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
9.9 High
AI Score
Confidence
High
0.064 Low
EPSS
Percentile
93.7%
OctoRPKI does not escape a URI with a filename containing “…”, this allows a repository to create a file, (ex. rsync://example.org/repo/…/…/etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
CNA Affected
[
{
"product": "octorpki",
"vendor": "Cloudflare",
"versions": [
{
"lessThan": "1.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
9.9 High
AI Score
Confidence
High
0.064 Low
EPSS
Percentile
93.7%