SecuriTricks - CVE-2024-10389

Product(s) Impacted

Safearchive

Description

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc

Weaknesses

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CWE ID: 427

Date

Published: Nov. 4, 2024, 11:15 a.m.

Last Modified: Nov. 21, 2024, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-coordination@google.com

CVE-2024-10389

Tags

Product(s) Impacted

Description

Weaknesses

CWE-427

Uncontrolled Search Path Element

Date

Status : Awaiting Analysis

Source

References

CVE-2024-10389

Tags

Product(s) Impacted

Description

Weaknesses

CWE-427

Uncontrolled Search Path Element

Date

Status : Awaiting Analysis

Source

References

Share