CVE-2021-29488
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-29488
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29488.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-29488
- Downstream
- Related
- Published
- 2021-05-07T15:15:07Z
- Modified
- 2025-10-15T12:48:07.581047Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the
filesystem.renamer()function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version. - References
Affected packages
Git / github.com/sabnzbd/sabnzbd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sabnzbd/sabnzbd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.8RC1
0.6.9
0.6.9RC1
0.6.9RC2
0.7.0
0.7.0Alpha1
0.7.0Alpha2
0.7.0Alpha3
0.7.0Beta1
0.7.0Beta2
0.7.0Beta3
0.7.0Beta4
0.7.0Beta5
0.7.0Beta6
0.7.0Beta7
0.7.0Beta8
0.7.0RC1
0.7.0RC2
0.7.1
0.7.10
0.7.10RC1
0.7.11
0.7.11RC1
0.7.11RC2
0.7.1RC1
0.7.1RC2
0.7.1RC3
0.7.1RC4
0.7.1RC5
0.7.2
0.7.2RC1
0.7.2RC2
0.7.3
0.7.3Beta1
0.7.3Beta2
0.7.3RC1
0.7.4
0.7.4Beta1
0.7.4Beta2
0.7.4Beta3
0.7.4RC1
0.7.4RC2
0.7.5
0.7.5RC1
0.7.6
0.7.6Beta1
0.7.6Beta2
0.7.6Final
0.7.7
0.7.8
0.7.8RC1
0.7.9
0.7.9RC1
0.8.0Alpha1
0.8.0Alpha2
0.8.0Beta1
0.8.0Beta2
0.8.0Beta3
0.8.0Beta4
0.8.0Beta5
0.8.0Beta6
1.*
1.0.0
1.0.0RC1
1.0.0RC2
1.0.0RC3
1.0.0RC4
1.0.0RC5
1.0.1
1.0.1RC1
1.0.2
1.0.3
1.1.0
1.1.0Beta1
1.1.0RC1
1.1.0RC2
1.1.0RC3
1.1.0RC4
1.2.0
1.2.0Beta1
1.2.0RC1
1.2.1
1.2.1Beta1
1.2.1RC1
1.2.2
1.2.3
2.*
2.0.0
2.0.0Alpha1
2.0.0Beta1
2.0.0RC1
2.0.0RC2
2.0.0RC3
2.0.1
2.0.1RC1
2.0.1RC2
2.1.0
2.1.0Beta1
2.1.0RC1
2.2.0
2.2.0Alpha1
2.2.0Alpha2
2.2.0Alpha3
2.2.0Beta1
2.2.0Beta2
2.2.0RC1
2.2.0RC2
2.2.0RC3
2.2.1
2.2.1RC1
2.2.1RC2
2.3.0
2.3.0Alpha1
2.3.0Alpha2
2.3.0RC1
2.3.0RC2
2.3.1
2.3.1Beta1
2.3.1RC1
2.3.1RC2
2.3.2
2.3.2RC1
2.3.2RC2
2.3.3
2.3.3Beta1
2.3.3RC1
2.3.3RC2
2.3.4
2.3.4RC1
2.3.5
2.3.5RC1
2.3.5RC2
2.3.6
2.3.6Beta1
2.3.6RC1
2.3.7
2.3.7Beta1
2.3.7RC1
2.3.8
2.3.8Beta1
2.3.8RC1
2.3.9
2.3.9RC1
2.3.9RC2
3.*
3.0.0Alpha1
3.0.0Alpha2
3.0.0Beta1
3.0.0Beta2
3.0.0Beta3
3.0.0Beta4
3.0.0RC1
3.0.0RC2