EPSS
Percentile
30.2%
ubi-reader is vulnerable to path traversal. The vulnerability exists in the extract_dents function in output.py, allowing an attacker to overwrite files outside of the extraction directory through the URL path such as `…/…/tmp/outside.txt
extract_dents
output.py
github.com/advisories/GHSA-hc37-84v3-8gmq
github.com/jrspruitt/ubi_reader/commit/d5d68e6b1b9f7070c29df5f67fc060f579ae9139
github.com/jrspruitt/ubi_reader/pull/57
github.com/jrspruitt/ubi_reader/releases/tag/v0.8.5-master
vuldb.com/?id.216146