3 matches found
Code injection
It was discovered that the processreport function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks...
CVE-2021-32557
CVE-2021-32557 fixes a vulnerability in Ubuntu Apport where process_report() in data/whoopsie-upload-all could write arbitrary files via symlinks. The CVSSv3.1 vector (LOCAL, LOW to MEDIUM/LOW privileges, I and A HIGH) points to a LOCAL attack with high impact on integrity and availability. Affec...
CVE-2021-32557 apport process_report() arbitrary file write
It was discovered that the processreport function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks...