CVE-2024-10389
CVSS V2 None
CVSS V3 None
Description
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc
Overview
- CVE ID
- CVE-2024-10389
- Assigner
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-04T10:47:39.434Z
- Last Modified Date
- 2024-11-04T16:02:53.913Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/google/safearchive/commit/f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-10389 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10389 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-05 13:21:44 | Added to TrackCVE |