Lucene search
K

6 matches found

OSV
OSV
added 2026/06/08 3:33 p.m.6 views

GHSA-33MJ-99MG-8G73 Routinator has cache path traversal when processing the module component of rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.2AI score0.00433EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/08 3:33 p.m.9 views

Routinator has cache path traversal when processing the module component of rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.2AI score0.00433EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/27 10:57 p.m.8 views

GHSA-G3VG-VX23-3858 compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

7.1CVSS6.4AI score0.00047EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/21 12:0 a.m.6 views

openSUSE 15 Security Update : vexctl (SUSE-SU-2026:0592-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0592-1 advisory. - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 -...

9.1CVSS7AI score0.03092EPSS
Exploits5References28
OSV
OSV
added 2026/02/19 5:28 p.m.5 views

GO-2026-4358 Sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal in github.com/sigstore/sigstore

Sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal in github.com/sigstore/sigstore...

5.8CVSS6.7AI score0.0037EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/23 12:4 a.m.3 views

EUVD-2026-3781

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS5.6AI score0.0037EPSS
Exploits0References4
Rows per page
Query Builder