CVE-2018-12088

Name of the Vulnerable Software and Affected Versions S3QL versions prior to 2.27

Description The issue is related to mishandling of checksumming, allowing replay attacks. An attacker controlling the backend can present old versions of the filesystem metadata database as up-to-date, inject zero-valued bytes into files, or hide parts of files. This is related to the checksum basic mapping function.

Recommendations For versions prior to 2.27, update to version 2.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the backend to minimize the risk of exploitation.