VYPR
Medium severity6.5OSV Advisory· Published Feb 6, 2018· Updated Jun 17, 2026

CVE-2017-6200

CVE-2017-6200

Description

Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sandstorm Io/SandstormOSV2 versions
    v0.101, v0.102, v0.103, …+ 1 more
    • (no CPE)range: v0.101, v0.102, v0.103, …
    • (no CPE)range: <0.203

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.