github.com/slackhq/nebula is vulnerable to remote code execution via path traversal. Lack of handling of the user-provided unsafe routes in tun_darwin.go
or tun_windows.go
allows an attacker to set a relative-path value and gain privileges of root-user to bypass security controls and to execute arbitrary code in its own context.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/slackhq/nebula | le | v1.1.0 |