rsync is vulnerable to directory traversal. The vulnerability exists due to a lack of validation of file names allowed, allowing a malicious rsync server or Man-in-The-Middle attacker to overwrite arbitrary files in the rsync client target directory and subdirectories.
www.openwall.com/lists/oss-security/2022/08/02/1
github.com/WayneD/rsync/tags
lists.fedoraproject.org/archives/list/[email protected]/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
lists.fedoraproject.org/archives/list/[email protected]/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml