Alibaba Cloud Linux 3 : 0087: librepo (ALINUX3-SA-2021:0087)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0087 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-14352: A flaw was found in librepo in...
NewStart CGSL CORE 5.05 / MAIN 5.05 : librepo Vulnerability (NS-SA-2021-0170)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has librepo packages installed that are affected by a vulnerability: - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...
NewStart CGSL CORE 5.04 / MAIN 5.04 : librepo Vulnerability (NS-SA-2021-0049)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has librepo packages installed that are affected by a vulnerability: - A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository...
Oracle Linux 7 : librepo (ELSA-2020-5012)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5012 advisory. 1.8.1-8 - Validate paths read from repomd.xml RhBug: 1866500 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Directory Traversal
librepo is vulnerable to directory traversal. The vulnerability exists due to missing path validation in repomd.xml...
CVE-2020-14352
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system v...