Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:RUSTSEC-2020-0030
HistoryAug 18, 2020 - 12:00 p.m.

Missing sanitization in mozwire allows local file overwrite of files ending in .conf

2020-08-1812:00:00
Google
osv.dev
8

EPSS

0.001

Percentile

42.1%

JSON

The client software downloaded a list of servers from mozilla’s servers and created local files named
after the hostname field in the json document.

No verification of the content of the string was made, and it could therefore have included ‘…/’ leading to path traversal.

This allows an attacker in control of mozilla’s servers to overwrite/create local files named .conf.

The flaw was corrected by sanitizing the hostname field.

Related

github 1
cvelist 1
cve 1
prion 1
rustsec 1
osv 2
nvd 1
github
github
Path traversal in mozwire
2021-08-25 20:49:02
cvelist
cvelist
CVE-2020-35883
2020-12-31 08:25:58
cve
cve
CVE-2020-35883
2020-12-31 10:15:16
prion
prion
Directory traversal
2020-12-31 10:15:00
rustsec
rustsec
Missing sanitization in mozwire allows local file overwrite of files ending in .conf
2020-08-18 12:00:00
osv
osv
Path traversal in mozwire
2021-08-25 20:49:02
CVE-2020-35883
2020-12-31 10:15:16
nvd
nvd
CVE-2020-35883
2020-12-31 10:15:16

EPSS

0.001

Percentile

42.1%

JSON
Related for OSV:RUSTSEC-2020-0030
github1cvelist1cve1prion1rustsec1osv2nvd1