GHSA-8459-6rc9-8vf8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8459-6rc9-8vf8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-8459-6rc9-8vf8/GHSA-8459-6rc9-8vf8.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-8459-6rc9-8vf8
- Aliases
- Published
- 2022-02-14T22:52:15Z
- Modified
- 2025-01-08T08:26:59.465873Z
- Summary
- Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
- Details
-
Impact
In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory.
Patches
No patch release has been made
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-22" ], "severity": "LOW", "github_reviewed_at": "2022-02-14T22:52:15Z", "github_reviewed": true }- References
-
- https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8459-6rc9-8vf8
- https://github.com/cloudflare/cfrpki/commit/a053a808feeb3115c76b6cc263ee55598ce6e8cd
- https://github.com/cloudflare/cfrpki/commit/eb9cc4db7b7b79e44f56dfaa959fccdfb2af8284
- https://github.com/cloudflare/cfrpki
- https://github.com/cloudflare/cfrpki/releases/tag/v1.4.3
Affected packages
Go / github.com/cloudflare/cfrpki
Package
- Name
- github.com/cloudflare/cfrpki
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/cloudflare/cfrpki