Veracode Vulnerability DatabaseVERACODE:43426Improper Neutralization Of Filename Or Path
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.8%
github.com/schollz/croc is vulnerable to Improper Neutralization Of Filename Or Path. The vulnerability is due to a lack of filenames filtering or received from the client side. This allows an attacker to use filenames with special characters, including ANSI/CSI terminal escape sequences. The filenames without any sanitization are displayed on stdout during the transfer process which can lead to arbitrary code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/schollz/croc | le | v9.6.5 | |
| github.com/schollz/croc | le | v9.6.5 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.8%