CVE-2020-7667 – The CPIO extraction functionality doesn’t sanitize the paths of the archived files for lea …

24 June 2020

Vuln ID: CVE-2020-7667

Published: 2020-06-24 12:15:12Z

Description: The CPIO extraction functionality doesn’t sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released.

Source: NVD.NIST.GOV

Date:

24 June 2020

Categorie(s):

NVD

Tag(s):

NVD

Offensive Awakening: The 2024 Shift from Defensive to Proactive Security5 May 2024
End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box5 May 2024
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks5 May 2024
Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement5 May 2024
Dating apps kiss’n’tell all sorts of sensitive personal info4 May 2024