
CVE-2021-28650 – gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
https://notcve.org/view.php?id=CVE-2021-28650
17 Mar 2021 — autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241. • https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2020-36241 – gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
https://notcve.org/view.php?id=CVE-2020-36241
05 Feb 2021 — autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. • https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-59: Improper Link Resolution Before File Access ('Link Following')