OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0cee8f8f4d0aee84c45c33c45169aeb6a4196aaf
advisory-db/crates/mozwire/RUSTSEC-2020-0030.toml
github-actions[bot] 9587a27510 Assigned RUSTSEC-2020-0030 to mozwire
2020-08-21 00:57:05 +00:00

21 lines
759 B
TOML
Raw Blame History

[advisory]
id = "RUSTSEC-2020-0030"
package = "mozwire"
date = "2020-08-18"
title = "Missing sanitazion in mozwire allows local file overwrite of files ending in .conf"
url = "https://github.com/NilsIrl/MozWire/issues/14"
categories = []
keywords = ["file-overwrite"]
description = """
The client software downloaded a list of servers from mozilla's servers and created local files named
after the hostname field in the json document.
No verification of the content of the string was made, and it could therefore have included '../' leading to path traversal.
This allows an attacker in controll of mozilla's servers to overwrite/create local files named .conf.
The flaw was corrected by sanitizing the hostname field.
"""
[versions]
patched = ["> 0.4.1"]
Reference in New Issue View Git Blame Copy Permalink