SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
References
| Link | Resource |
|---|---|
| https://github.com/SerenityOS/serenity/issues/3991 | Third Party Advisory |
| https://github.com/SerenityOS/serenity/issues/3992 | Third Party Advisory |
| https://github.com/SerenityOS/serenity/pull/5713 | Third Party Advisory |
| https://github.com/SerenityOS/serenity/pull/5713/commits/3844e8569689dd476064a0759d704bc64fb3ca2c | Patch Third Party Advisory |
Configurations
History
22 Jun 2021, 17:03
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| CPE | cpe:2.3:o:serenityos:serenityos:*:*:*:*:*:*:*:* | |
| CWE | CWE-22 | |
| References | (MISC) https://github.com/SerenityOS/serenity/pull/5713/commits/3844e8569689dd476064a0759d704bc64fb3ca2c - Patch, Third Party Advisory | |
| References | (MISC) https://github.com/SerenityOS/serenity/issues/3992 - Third Party Advisory | |
| References | (MISC) https://github.com/SerenityOS/serenity/issues/3991 - Third Party Advisory | |
| References | (CONFIRM) https://github.com/SerenityOS/serenity/pull/5713 - Third Party Advisory |
18 Jun 2021, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-06-18 22:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-31272
Mitre link : CVE-2021-31272
CVE.ORG link : CVE-2021-31272
JSON object : View
Products Affected
serenityos
- serenityos
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')