In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory.
No patch release has been made
CPE | Name | Operator | Version |
---|---|---|---|
github.com/cloudflare/cfrpki | lt | 1.4.3 |