276 matches found
CVE-2020-26312
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312 GHSL-2020-254: Arbitrary file read and/or write in dotmesh
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312
CVE-2020-26312 affects Dotmesh (versions 0.8.1 and prior) and stems from unsafe handling of symbolic links in the unpacking routine. The untarFile flow can be manipulated by a malicious tarball to create a symlink chain that escapes the target directory, enabling arbitrary file read and/or write ...
Arbitrary File Read
github.com/dotmesh-io/dotmesh is vulnerable to Arbitrary File Read. The vulnerability is due to the unsafe handling of symbolic links in an unpacking routine, allowing attackers to read and/or write to arbitrary locations outside the designated target folder...
PT-2024-10802 · Dotmesh · Dotmesh
Name of the Vulnerable Software and Affected Versions: Dotmesh versions 0.8.1 and prior. Description: The issue is related to the unsafe handling of symbolic links in an unpacking routine, which may enable attackers to read and/or write to arbitrary locations outside the designated target folder...
Dotmesh Security Vulnerability
Dotmesh is a git-like CLI open-sourced by Dotscience for capturing, organizing and sharing application state. A security vulnerability exists in Dotmesh 0.8.1 and earlier versions, which stems from the insecure handling of symbolic links in the unpacking routine, and could allow an attacker to re...
commons-compress: OutOfMemoryError unpacking broken Pack200 file
An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error...
Node.js Module node-tar < 6.2.1 DoS
In the nodejs module node-tar prior to version 6.2.1, there is no validation of the number of folders created while unpacking a file. As a result, an attacker can use a malicious file to exhaust the CPU and memory on the host and crash the nodejs client. Note that Nessus has not tested for these...
CVE-2024-24940
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives...
Path traversal
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives...
JetBrains IntelliJ IDEA Security Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA prior to version 2023.3.3, which stems from path traversal when unpacking an archive...
Remote code execution
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution...
TRENDnet TV-IP1314PI Security Vulnerability
The TRENDnet TV-IP1314PI is a wireless network camera from TRENDnet. The TRENDnet TV-IP1314PI suffers from a command injection vulnerability, which originates from davinci's use of the system function to unpack language packets without strict filtering of URL strings, which can be exploited by an...
Pyxamstore - Python Utility For Parsing Xamarin AssemblyStore Blob Files
This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpacking and repackaging assemblies.blob and assemblies.manifest Xamarin files from an APK. Installing: Run the installer script: python setup.py install. You can then use the tool by calling...
CVE-2023-42523
Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security fo...