CVE-2017-6200

2018-02-0616:29:00

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn’t filter Line Feed (\n) characters in a directory name.

CPENameOperatorVersion
sandstormeq0.148
sandstormeq0.107
sandstormeq0.161
sandstormeq0.110
sandstormeq0.127
sandstormeq0.149
sandstormeq0.179
sandstormeq0.112
sandstormeq0.78
sandstormeq0.92

Name	Operator	Version
sandstorm	eq	0.148
sandstorm	eq	0.107
sandstorm	eq	0.161
sandstorm	eq	0.110
sandstorm	eq	0.127
sandstorm	eq	0.149
sandstorm	eq	0.179
sandstorm	eq	0.112
sandstorm	eq	0.78
sandstorm	eq	0.92