CVSS3: 7.8 High

CVSS3 metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low (percentile 19.8%)

github.com/schollz/croc is vulnerable to Improper Neutralization of Filename or Path. The vulnerability is due to a lack of filtering of filenames received from the client side. This allows an attacker to use filenames with special characters, including ANSI/CSI terminal escape sequences. The filenames are displayed on stdout without any sanitization during the transfer process, which can lead to arbitrary code execution.
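
One way to neutralize received filenames before they are written to stdout, shown as an added example (this is not croc's code or its actual fix). The helper names `SafeDisplayName` and `HasControlChars` are hypothetical, and the sample filenames are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// SafeDisplayName (hypothetical helper) returns name with every control
// character rewritten as a visible \xNN token, so ESC (0x1b), 8-bit CSI
// (0x9b), CR, LF and similar bytes never reach the terminal raw.
func SafeDisplayName(name string) string {
	var b strings.Builder
	for i := 0; i < len(name); {
		r, size := utf8.DecodeRuneInString(name[i:])
		switch {
		case r == utf8.RuneError && size == 1:
			// Invalid UTF-8 byte: some terminals still act on it, so show it as hex.
			fmt.Fprintf(&b, `\x%02x`, name[i])
		case unicode.IsControl(r):
			// C0 controls, DEL and C1 controls (U+0080..U+009F).
			fmt.Fprintf(&b, `\x%02x`, r)
		default:
			// Printable text, including legitimate non-ASCII names, is kept.
			b.WriteRune(r)
		}
		i += size
	}
	return b.String()
}

// HasControlChars (hypothetical helper) reports whether a received name
// contains anything SafeDisplayName had to rewrite; a receiver can use it
// to reject the transfer instead of only escaping the name.
func HasControlChars(name string) bool {
	return SafeDisplayName(name) != name
}

func main() {
	// Constructed sample filenames, as a sender might supply them.
	received := []string{"report.txt", "résumé.pdf", "a\x1b[2Jb.txt", "x\x9by"}
	for _, name := range received {
		fmt.Printf("Receiving %s (control chars: %v)\n",
			SafeDisplayName(name), HasControlChars(name))
	}
}
```

Apply the same escaping to every sender-controlled string that is printed, such as directory names and progress-bar labels, not only the final filename.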

CPE Name | Operator | Version |
---|---|---|
github.com/schollz/croc | le | v9.6.5 |