CVSS: 3.9EPSS: 0%CPEs: 2EXPL: 1CVE-2020-36314 – file-roller: directory traversal via directory symlink pointing outside of the target directory (incomplete fix for CVE-2020-11736)
https://notcve.org/view.php?id=CVE-2020-36314
07 Apr 2021 — fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. El archivo fr-archive-libarchive.c en GNOME file-roller versiones hasta 3.38.0, como es usado GNOME Shell y otro software, permite un Salto de Directorio durante una extracción porque carece de ... • https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.9EPSS: 0%CPEs: 6EXPL: 0CVE-2020-11736 – file-roller: directory traversal via directory symlink pointing outside of the target directory
https://notcve.org/view.php?id=CVE-2020-11736
13 Apr 2020 — fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. El archivo fr-archive-libarchive.c en GNOME file-roller versiones hasta 3.36.1, permite un Salto del Directorio durante la extracción porque carece de una comprobación de si el padre de un archivo es un enlace simbólico en un directorio fuera de la ubicación de extracción prevista.... • https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 1CVE-2019-16680 – file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive
https://notcve.org/view.php?id=CVE-2019-16680
21 Sep 2019 — An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. Se detectó un problema en GNOME file-roller versiones anteriores a 3.29.91. Permite un único salto de ruta (path) ./../ por medio de un nombre de archivo contenido en un archivo TAR, posiblemente sobrescribiendo un archivo durante la extracción. A path traversal vulnerability was discovered in the file-roller (Archive M... • https://bugzilla.gnome.org/show_bug.cgi?id=794337 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •