← volver
CVE-2020-36241

CVE-2020-36241

EPSS 0.6%
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/https://security.gentoo.org/glsa/202105-10