Lucene search

K

GoogleOSV:GHSA-CQH2-VC2F-Q4FH

HistoryNov 10, 2021 - 8:08 p.m.

Arbitrary filepath traversal via URI injection

2021-11-1020:08:29

Google

osv.dev

6

uri injection

arbitrary filepath traversal

remote code execution

octorpki

EPSS

0.068

Percentile

94.0%

OctoRPKI does not escape a URI with a filename containing “…”, this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.

Patches

For more information

If you have any questions or comments about this advisory email us at [email protected]

References

github.com/cloudflare/cfrpki

github.com/cloudflare/cfrpki/commit/a053a808feeb3115c76b6cc263ee55598ce6e8cd

github.com/cloudflare/cfrpki/commit/eb9cc4db7b7b79e44f56dfaa959fccdfb2af8284

github.com/cloudflare/cfrpki/security/advisories/GHSA-3jhm-87m6-x959

github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh

nvd.nist.gov/vuln/detail/CVE-2021-3907

pkg.go.dev/vuln/GO-2022-0248

www.debian.org/security/2021/dsa-5033

www.debian.org/security/2022/dsa-5041

EPSS

0.068

Percentile

94.0%

Related for OSV:GHSA-CQH2-VC2F-Q4FH

prion1 cvelist1 github2 nvd1 cve1 veracode1 osv7 debiancve1 ubuntucve1 nessus2 debian2 openvas2