12 matches found
EUVD-2024-1644
Malicious code in bioql PyPI...
CVE-2020-26312
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder...
GO-2024-2849 dotmesh arbitrary file read and/or write in github.com/dotmesh-io/dotmesh
dotmesh arbitrary file read and/or write in github.com/dotmesh-io/dotmesh...
GHSA-HF54-FQ2M-P9V6 dotmesh arbitrary file read and/or write
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
dotmesh arbitrary file read and/or write
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312 GHSL-2020-254: Arbitrary file read and/or write in dotmesh
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312 GHSL-2020-254: Arbitrary file read and/or write in dotmesh
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312
CVE-2020-26312 affects Dotmesh (versions 0.8.1 and prior) and stems from unsafe handling of symbolic links in the unpacking routine. The untarFile flow can be manipulated by a malicious tarball to create a symlink chain that escapes the target directory, enabling arbitrary file read and/or write ...
Dotmesh 安全漏洞
Dotmesh is a git-like CLI open-sourced by Dotscience for capturing, organizing and sharing application state. A security vulnerability exists in Dotmesh 0.8.1 and earlier versions, which stems from the insecure handling of symbolic links in the unpacking routine, and could allow an attacker to re...
PT-2024-10802 · Dotmesh · Dotmesh
Name of the Vulnerable Software and Affected Versions: Dotmesh versions 0.8.1 and prior Description: The issue is related to the unsafe handling of symbolic links in an unpacking routine, which may enable attackers to read and/or write to arbitrary locations outside the designated target folder...