Splunk · Splunk · CVE-2013-6771
**Name of the Vulnerable Software and Affected Versions**
Splunk versions prior to 5.0.5
**Description**
The issue allows remote attackers to execute arbitrary commands, potentially leading to remote code execution. This is due to a directory traversal vulnerability in the collect script, which can be exploited by including a .. (dot dot) in the file parameter.
**Recommendations**
For versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the collect script to minimize the risk of exploitation. Avoid using the file parameter with untrusted input in the collect script until the issue is resolved.