autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
References
Link | Resource |
---|---|
https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 | Patch Vendor Advisory |
https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 | Exploit Issue Tracking Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/ | |
https://security.gentoo.org/glsa/202105-10 | Third Party Advisory |
https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 | Patch Vendor Advisory |
https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 | Exploit Issue Tracking Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/ | |
https://security.gentoo.org/glsa/202105-10 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 - Patch, Vendor Advisory | |
References | () https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 - Exploit, Issue Tracking, Vendor Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/ - | |
References | () https://security.gentoo.org/glsa/202105-10 - Third Party Advisory |
08 Apr 2022, 14:22
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202105-10 - Third Party Advisory | |
CWE | CWE-22 |
26 May 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-02-05 14:15
Updated : 2024-11-21 05:29
NVD link : CVE-2020-36241
Mitre link : CVE-2020-36241
CVE.ORG link : CVE-2020-36241
JSON object : View
Products Affected
gnome
- gnome-autoar
fedoraproject
- fedora