Linkr · Linkr · CVE-2025-59334
**Name of the Vulnerable Software and Affected Versions**
Linkr versions through 2.0.0
**Description**
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr does not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitrary file entries into a package distribution. An attacker can modify a .linkr manifest and, when a user runs the extract command, the client downloads the attacker-supplied file without verification. This enables arbitrary file injection and creates a potential path to remote code execution if a downloaded malicious binary or script is later executed.
**Recommendations**
Update to version 2.0.1 or later.
As a workaround prior to updating, use only trusted .linkr manifests.
Manually verify manifest integrity.
Host manifests on trusted servers.
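One way to carry out the manual integrity check before running extract, as an added example (not Linkr's own code and not the fix shipped in 2.0.1). It assumes the publisher's SHA-256 digest for each manifest was obtained over a separate trusted channel and stored in `sha256sum` format; the file name `package.linkr` and the manifest bytes are constructed, and the manifest is hashed as opaque bytes because the page does not describe its format.

```python
import hashlib
import hmac
import os
import tempfile


def load_pins(pin_text):
    """Parse 'sha256sum'-style lines ('<hex digest>  <file name>') into a dict."""
    pins = {}
    for line in pin_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest.lower()):
            raise ValueError(f"malformed pin for {name!r}")
        pins[name.lstrip("*")] = digest.lower()
    return pins


def manifest_is_trusted(path, pins):
    """True only if the manifest's SHA-256 matches the digest pinned for its file name."""
    expected = pins.get(os.path.basename(path))
    if expected is None:          # no pin recorded: fail closed
        return False
    h = hashlib.sha256()
    with open(path, "rb") as f:   # hash raw bytes; the manifest is treated as opaque
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected)


def demo():
    """Constructed sample: a pinned manifest, then the same file with an added entry."""
    original = b"constructed sample manifest bytes\n"   # not the real .linkr format
    pins = load_pins(f"{hashlib.sha256(original).hexdigest()}  package.linkr\n")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "package.linkr")
        with open(path, "wb") as f:
            f.write(original)
        clean = manifest_is_trusted(path, pins)
        with open(path, "ab") as f:   # simulate modification after the pin was recorded
            f.write(b"extra entry added after the pin was recorded\n")
        tampered = manifest_is_trusted(path, pins)
        unpinned = manifest_is_trusted(os.path.join(d, "other.linkr"), pins)
    return clean, tampered, unpinned
```

The check only shows that the manifest is byte-identical to the one the pin was taken from, so the pin itself must come from a source the attacker cannot modify along with the manifest.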