GHSA-8459-6rc9-8vf8

Suggest an improvement
Source
https://github.com/advisories/GHSA-8459-6rc9-8vf8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-8459-6rc9-8vf8/GHSA-8459-6rc9-8vf8.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8459-6rc9-8vf8
Aliases
Published
2022-02-14T22:52:15Z
Modified
2024-08-21T15:42:14.227133Z
Summary
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Details

Impact

In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory.

Patches

No patch release has been made

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-14T22:52:15Z"
}
References

Affected packages

Go / github.com/cloudflare/cfrpki

Package

Name
github.com/cloudflare/cfrpki
View open source insights on deps.dev
Purl
pkg:golang/github.com/cloudflare/cfrpki

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3

Database specific

{
    "last_known_affected_version_range": "<= 1.4.2"
}