Security
Headlines

Headlines Latest CVEs

Headline

GHSA-q3rp-vvm7-j8jg: Safearchive Path Traversal vulnerability

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc

18 days ago

#vulnerability #google #git

GitHub Advisory Database
GitHub Reviewed
CVE-2024-10389

Safearchive Path Traversal vulnerability

Moderate severity GitHub Reviewed Published Nov 4, 2024 to the GitHub Advisory Database • Updated Nov 4, 2024

Package

gomod github.com/google/safearchive (Go)

Affected versions

< 0.0.0-20241025131057-f7ce9d7b6f9c

Patched versions

0.0.0-20241025131057-f7ce9d7b6f9c

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc

References

https://nvd.nist.gov/vuln/detail/CVE-2024-10389
google/safearchive@f7ce9d7

Published to the GitHub Advisory Database

Nov 4, 2024

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

9 hours ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

9 hours ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

10 hours ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

10 hours ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

10 hours ago