rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

CLSA-2025-1738852614 rsync: Fix of 2 CVEs

CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter...

CLSA-2025-1738833413 rsync: Fix of 2 CVEs

CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter...

CURL-CVE-2020-8177 curl overwrite local file with -J

curl can be tricked by a malicious server to overwrite a local file when using -J --remote-header-name and -i --include in the same command line. The command line tool offers the -J option that saves a remote file using the filename present in the Content-Disposition: response header. curl then...

PT-2020-3018 · Curl +7 · Curl +7

Name of the Vulnerable Software and Affected Versions: curl versions 7.20.0 through 7.70.0 Description: The issue exists due to a logical error in handling the Content-Disposition header of an HTTP response. This can allow a remote attacker to overwrite a local file. The vulnerability is related ...