PT-2025-23987

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the behavior of os.OpenFile when the target path is a dangling symlink. On Unix systems, os.OpenFile with O CREATE and O EXCL flags never follows symlinks. However, on...

Hyperledger: Relative Path Traversal vulnerability in fabric-private-chaincode

Unsanitized input from os.Args3 : 75 CLI argument flows into os.OpenFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to open arbitrary files. The following steps of code lines with respective code confirm the issue: -...

CVE-2020-27534

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

CVE-2020-27534

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

CVE-2020-27534

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

CVE-2020-27534

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

CVE-2020-27534

The CVE-2020-27534 issue affects Docker Engine up to version 19.03.9, where util/binfmt_misc/check.go in the Builder calls os.OpenFile with a potentially unsafe qemu-check temporary pathname created via an ioutil.TempDir with an empty first argument. Exploitation details are not provided in the d...