OctoRPKI does not escape a URI with a filename containing “…”, this allows a repository to create a file, (ex. rsync://example.org/repo/…/…/etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
CPE | Name | Operator | Version |
---|---|---|---|
octorpki | lt | 1.3.0 | |
debian_linux | eq | 10.0 | |
debian_linux | eq | 11.0 |