CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
31.7%
github.com/schollz/croc is vulnerable to Arbitrary File Overwrite. The vulnerability is due to the Croc protocol allowing a sender to specify an arbitrary path for the file transfer, which lacks validation to check if the file path will overwrite an existing file on the client side. An attacker can exploit this to overwrite files beyond the intended directory by crafting malicious paths inside the ZIP archive.