The existing URI path filters in OctoRPKI (version < 1.4.3) mitigating Path traversal vulnerability could be bypassed by an attacker. In case a malicious TAL file is parsed, it was possible to write files outside the base cache folder.
github.com/cloudflare/cfrpki/cmd/octorpki
The issue was fixed in version 1.4.3
CPE | Name | Operator | Version |
---|---|---|---|
github.com/cloudflare/cfrpki | lt | 1.4.3 |