GHSA-47WR-426J-FR82 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Impact Users unpacking a tarball through dbdeployer may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defences. Mitigating factors For the...