Lucene search
+L

6 matches found

osv
osv
added 2022/06/25 7:12 a.m.27 views

GHSA-3JHM-87M6-X959 Path traversal mitigation bypass in OctoRPKI

Impact The existing URI path filters in OctoRPKI version 1.4.3 mitigating Path traversal vulnerability could be bypassed by an attacker. In case a malicious TAL file is parsed, it was possible to write files outside the base cache folder. Specific Go Packages Affected...

9.8CVSS9.1AI score0.04065EPSS
Exploits0References5
github
github
added 2022/06/25 7:12 a.m.23 views

Path traversal mitigation bypass in OctoRPKI

Impact The existing URI path filters in OctoRPKI version 1.4.3 mitigating Path traversal vulnerability could be bypassed by an attacker. In case a malicious TAL file is parsed, it was possible to write files outside the base cache folder. Specific Go Packages Affected...

9.8CVSS8.7AI score0.04065EPSS
Exploits0References5Affected Software1
debian
debian
added 2022/01/11 9:54 p.m.61 views

[SECURITY] [DSA 5041-1] cfrpki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5041-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2022 https://www.debian.org/security/faq -...

9.8CVSS7.8AI score0.04065EPSS
Exploits0
debian
debian
added 2021/12/30 7:35 p.m.77 views

[SECURITY] [DSA 5033-1] fort-validator security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5033-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 30, 2021 https://www.debian.org/security/faq -...

9.8CVSS7.3AI score0.04065EPSS
Exploits0
cvelist
cvelist
added 2021/11/11 9:45 p.m.39 views

CVE-2021-3907 Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

7.4CVSS9.9AI score0.04065EPSS
Exploits0References4
cve
cve
added 2021/11/11 9:45 p.m.106 views

CVE-2021-3907

CVE-2021-3907 affects OctoRPKI: a URI containing a filename with ".." can cause a repository to write a file outside the base cache folder, potentially enabling remote code execution on the host running OctoRPKI. The connected documents indicate this is a path/traversal issue in the OctoRPKI impl...

9.8CVSS8.8AI score0.04065EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder