EPSS: 0.002 (Low), percentile 57.2%
rdiffweb is vulnerable to privilege escalation. The vulnerability exists because the library does not properly block repository access when the user_root directory is empty or a relative path, allowing an attacker to modify access roles.
github.com/advisories/GHSA-g594-55mp-f6q8
github.com/ikus060/rdiffweb/commit/b2df3679564d0daa2856213bb307d3e34bd89a25
huntr.dev/bounties/b2dc504d-92ae-4221-a096-12ff223d95a8