6 matches found
librepo security update
1.8.1-8 - Validate paths read from repomd.xml RhBug: 1866500...
RHEL 7 : librepo (RHSA-2020:5012)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5012 advisory. The librepo library provides a C and Python API to download repository metadata. Security Fixes: librepo: missing path validation in repomd.xml may...
librepo: missing path validation in repomd.xml may lead to directory traversal
A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This fl...
librepo: missing path validation in repomd.xml may lead to directory traversal
A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This fl...
Directory Traversal
librepo is vulnerable to directory traversal. The vulnerability exists through a missing path validation in repomd.xml...
librepo: missing path validation in repomd.xml may lead to directory traversal
A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This fl...