PT-2023-23359 · Unknown · Cauldron Cbang

Eqawasm

Publicado

2023-04-28

Atualizado

2023-05-08

CVE-2023-31483

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cauldron cbang versions prior to bastet-v8.1.17

Description The issue allows for directory traversal during extraction, enabling an attacker to create or write to files outside the current directory by using a crafted tar archive. This is due to a flaw in the tar/TarFileReader.cpp component.

Recommendations For versions prior to bastet-v8.1.17, update to bastet-v8.1.17 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted tar archives until the update is applied.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2023-31483

Produtos afetados

Cauldron Cbang

PT-2023-23359 · Unknown · Cauldron Cbang

CVE-2023-31483

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7