CVE-2022-45866

https://notcve.org/view.php?id=CVE-2022-45866

qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. qpress anterior a PierreLvx/qpress 20220819 y anterior a la versión 11.3, como se usa en Percona XtraBackup y otros productos, permite el Directory Traversal a través de ../ en un archivo .qp. • https://github.com/EvgeniyPatlan/qpress/commit/ddb312090ebd5794e81bc6fb1dfb4e79eda48761 https://github.com/PierreLvx/qpress/compare/20170415...20220819 https://github.com/PierreLvx/qpress/pull/6 https://github.com/percona/percona-xtrabackup/pull/1366 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQWF7635AJSDKEIGLB73XAH643POGTFY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4RXO3VYIFRTNIFHWIAZWND6ZXQ5OYOB https://lists.fedoraproject.org/archives • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •