High severityNVD Advisory· Published Jan 2, 2018· Updated Sep 16, 2024
CVE-2017-1000420
CVE-2017-1000420
Description
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/syncthing/syncthingGo | <= 0.14.33 | — |
Affected products
1Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-28xp-g7f6-7mhfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-1000420ghsaADVISORY
- github.com/syncthing/syncthing/commit/f1f21bf22020d9b881478c2e942ba6943c8da2f3ghsaWEB
- github.com/syncthing/syncthing/issues/4286ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.