PT-2024-36707 · Gitingest · Gitingest
Nollium · Published 2024-12-15 · Updated 2024-12-16 · CVE-2024-56074
CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
gitingest versions before 9996a06
Description
gitingest mishandles symbolic links that point outside of the base directory. This can lead to symbolic link traversal.
Recommendations
For gitingest versions before 9996a06, consider restricting the use of symbolic links that point outside the base directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
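One way to apply this restriction before a directory is processed is to audit it for symbolic links whose resolved target leaves the base directory. The following is an added example, not gitingest's own code or its fix; the function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile


def is_within(base: str, path: str) -> bool:
    """True if path, with every symlink resolved, still lies under base."""
    real_base = os.path.realpath(base)
    real_path = os.path.realpath(path)
    # commonpath compares whole path components, so a sibling such as
    # "<base>-evil" is not mistaken for a child (a startswith() check would be).
    return os.path.commonpath([real_base, real_path]) == real_base


def find_escaping_symlinks(base: str) -> list[str]:
    """Relative paths of symlinks under base whose target resolves outside it."""
    escaping = []
    # followlinks=False: the audit itself never descends through a link.
    for root, dirs, files in os.walk(base, followlinks=False):
        for name in dirs + files:  # links to directories are listed in dirs
            full = os.path.join(root, name)
            if os.path.islink(full) and not is_within(base, full):
                escaping.append(os.path.relpath(full, base))
    return sorted(escaping)


def demo() -> list[str]:
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "repo")
        os.makedirs(os.path.join(base, "src"))
        os.makedirs(os.path.join(tmp, "repo-evil"))  # sibling sharing the prefix
        for path in (os.path.join(base, "src", "a.py"),
                     os.path.join(tmp, "outside.txt")):
            with open(path, "w") as fh:
                fh.write("sample\n")
        # Constructed links: one safe, two escaping, one broken but inside.
        os.symlink("src/a.py", os.path.join(base, "ok_link"))
        os.symlink("../../outside.txt", os.path.join(base, "src", "up_link"))
        os.symlink(os.path.join(tmp, "repo-evil"),
                   os.path.join(base, "prefix_link"))
        os.symlink("missing", os.path.join(base, "dangling"))
        return find_escaping_symlinks(base)


if __name__ == "__main__":
    print(demo())
```

A link that is safe at audit time can be replaced afterwards, so the same containment check belongs at the point where each file is opened, not only in a one-off scan.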
Weakness Enumeration
Link Following
Related Identifiers
Affected Products
Gitingest