Lucene search
K

GHSA-47WR-426J-FR82 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer

🗓️ 12 Feb 2022 00:14:07Reported by GoogleType 
osv
 osv
🔗 osv.dev👁 19 Views

Symbolic links in unpacking routine can enable attackers to read/write to arbitrary locations in dbdeployer. Mitigating factors include user privilege and tarball source verification. An attacker may inject a symbolic link to a critical file, resulting in system compromise. Remedies include evaluating link targets, and applying depth comparison to block malicious operations. Version 1.58.2 contains patch

Related
Refs

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation