Lucene search
K

6 matches found

OSV
OSV
added 2022/06/25 7:12 a.m.27 views

GHSA-3JHM-87M6-X959 Path traversal mitigation bypass in OctoRPKI

Impact The existing URI path filters in OctoRPKI version 1.4.3 mitigating Path traversal vulnerability could be bypassed by an attacker. In case a malicious TAL file is parsed, it was possible to write files outside the base cache folder. Specific Go Packages Affected...

9.8CVSS9.1AI score0.04065EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/06/25 7:12 a.m.22 views

Path traversal mitigation bypass in OctoRPKI

Impact The existing URI path filters in OctoRPKI version 1.4.3 mitigating Path traversal vulnerability could be bypassed by an attacker. In case a malicious TAL file is parsed, it was possible to write files outside the base cache folder. Specific Go Packages Affected...

9.8CVSS8.7AI score0.04065EPSS
Exploits0References5Affected Software1
Debian
Debian
added 2022/01/11 9:54 p.m.61 views

[SECURITY] [DSA 5041-1] cfrpki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5041-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2022 https://www.debian.org/security/faq -...

9.8CVSS7.8AI score0.04065EPSS
Exploits0
Debian
Debian
added 2021/12/30 7:35 p.m.61 views

[SECURITY] [DSA 5033-1] fort-validator security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5033-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 30, 2021 https://www.debian.org/security/faq -...

9.8CVSS7.3AI score0.04065EPSS
Exploits0
CVE
CVE
added 2021/11/11 9:45 p.m.106 views

CVE-2021-3907

CVE-2021-3907 affects OctoRPKI: a URI containing a filename with ".." can cause a repository to write a file outside the base cache folder, potentially enabling remote code execution on the host running OctoRPKI. The connected documents indicate this is a path/traversal issue in the OctoRPKI impl...

9.8CVSS8.8AI score0.04065EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/11/11 9:45 p.m.39 views

CVE-2021-3907 Arbitrary filepath traversal via URI injection

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa, which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine...

7.4CVSS9.9AI score0.04065EPSS
Exploits0References4
Rows per page
Query Builder