DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | all | dansguardian | < 2.10.1.1-5.1+deb9u2 | dansguardian_2.10.1.1-5.1+deb9u2_all.deb |