PT-2017-10736 · Chef · Mixlib-Archive
Published: 2017-07-13 · Updated: 2022-05-13 · CVE-2017-1000026
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
mixlib-archive versions 0.3.0 and older
Description
The issue allows attackers to perform a directory traversal attack, enabling them to overwrite arbitrary files by using `..` in tar archive entries. This can lead to unauthorized modifications of the system.
Recommendations
For mixlib-archive versions 0.3.0 and older, update to a version newer than 0.3.0 to resolve the issue. As a temporary workaround, consider restricting the use of tar archive entries that contain `..` to minimize the risk of exploitation.
Exploit
Fix
Path traversal
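The workaround in the recommendations above can be applied as a pre-extraction check. The following is an added example, not part of the advisory and not mixlib-archive's own code: it reads a tar stream with Ruby's bundled `Gem::Package::TarReader` and lists entries whose resolved path leaves the destination. The function names, the destination `/srv/extract` and the sample archive are constructed for illustration, and the extractor is assumed to join the destination directory with the entry name.

```ruby
require "rubygems/package"
require "stringio"

# Return the names of tar entries that would be written outside dest_dir.
# Only entry names are checked; link targets are out of scope here.
def escaping_entries(tar_io, dest_dir)
  root = File.expand_path(dest_dir)
  # Trailing separator so "/srv/extract-other" is not treated as inside "/srv/extract".
  prefix = root.chomp(File::SEPARATOR) + File::SEPARATOR
  escaping = []
  Gem::Package::TarReader.new(tar_io) do |tar|
    tar.each do |entry|
      # Assumption: the extractor joins destination and entry name.
      # expand_path then resolves "." and ".." lexically.
      target = File.expand_path(File.join(root, entry.full_name))
      inside = target == root || target.start_with?(prefix)
      escaping << entry.full_name unless inside
    end
  end
  escaping
end

# Constructed sample archive, built in memory (nothing is written to disk).
def sample_tar
  io = StringIO.new("".b)
  Gem::Package::TarWriter.new(io) do |tar|
    {
      "app/config.yml"      => "ok",     # ordinary entry
      "app/../README"       => "ok",     # contains ".." but stays inside
      "notes..txt"          => "ok",     # dots in a file name, not a traversal
      "../../tmp/overwrite" => "escape", # climbs out of the destination
      "app/../../outside"   => "escape", # escapes after descending first
    }.each do |name, body|
      tar.add_file_simple(name, 0o644, body.bytesize) { |f| f.write(body) }
    end
  end
  io.rewind
  io
end

if __FILE__ == $PROGRAM_NAME
  bad = escaping_entries(sample_tar, "/srv/extract") # hypothetical destination
  puts bad.empty? ? "archive is safe to extract" : "rejecting archive: #{bad.inspect}"
end
```

Resolving the joined path, rather than searching the name for the substring `..`, avoids rejecting harmless names such as `notes..txt` while still catching entries that descend first and then climb out.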
Weakness Enumeration
Related Identifiers
Affected Products
Mixlib-Archive