36Sviehb

**Name of the Vulnerable Software and Affected Versions** sviehb jefferson versions up to 0.3 **Description** A critical vulnerability has been found in the sviehb/jefferson JFFS2 filesystem extraction tool, affecting unknown code of the file `src/scripts/jefferson`. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. **Recommendations** For versions up to 0.3, upgrade to version 0.4 to address this issue. As a temporary workaround, consider restricting access to the `src/scripts/jefferson` file until the upgrade is applied.