Unrated severityNVD Advisory· Published Feb 5, 2021· Updated Aug 4, 2024
CVE-2020-36241
CVE-2020-36241
Description
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Affected products
61- GNOME/gnome-autoardescription
- osv-coords60 versionspkg:rpm/almalinux/accountsservicepkg:rpm/almalinux/accountsservice-develpkg:rpm/almalinux/accountsservice-libspkg:rpm/almalinux/gdmpkg:rpm/almalinux/gnome-autoarpkg:rpm/almalinux/gnome-calculatorpkg:rpm/almalinux/gnome-classic-sessionpkg:rpm/almalinux/gnome-control-centerpkg:rpm/almalinux/gnome-control-center-filesystempkg:rpm/almalinux/gnome-online-accountspkg:rpm/almalinux/gnome-online-accounts-develpkg:rpm/almalinux/gnome-sessionpkg:rpm/almalinux/gnome-session-kiosk-sessionpkg:rpm/almalinux/gnome-session-wayland-sessionpkg:rpm/almalinux/gnome-session-xsessionpkg:rpm/almalinux/gnome-settings-daemonpkg:rpm/almalinux/gnome-shellpkg:rpm/almalinux/gnome-shell-extension-apps-menupkg:rpm/almalinux/gnome-shell-extension-auto-move-windowspkg:rpm/almalinux/gnome-shell-extension-commonpkg:rpm/almalinux/gnome-shell-extension-dash-to-dockpkg:rpm/almalinux/gnome-shell-extension-desktop-iconspkg:rpm/almalinux/gnome-shell-extension-disable-screenshieldpkg:rpm/almalinux/gnome-shell-extension-drive-menupkg:rpm/almalinux/gnome-shell-extension-gesture-inhibitorpkg:rpm/almalinux/gnome-shell-extension-horizontal-workspacespkg:rpm/almalinux/gnome-shell-extension-launch-new-instancepkg:rpm/almalinux/gnome-shell-extension-native-window-placementpkg:rpm/almalinux/gnome-shell-extension-no-hot-cornerpkg:rpm/almalinux/gnome-shell-extension-panel-favoritespkg:rpm/almalinux/gnome-shell-extension-places-menupkg:rpm/almalinux/gnome-shell-extension-screenshot-window-sizerpkg:rpm/almalinux/gnome-shell-extension-systemMonitorpkg:rpm/almalinux/gnome-shell-extension-top-iconspkg:rpm/almalinux/gnome-shell-extension-updates-dialogpkg:rpm/almalinux/gnome-shell-extension-user-themepkg:rpm/almalinux/gnome-shell-extension-window-grouperpkg:rpm/almalinux/gnome-shell-extension-window-listpkg:rpm/almalinux/gnome-shell-extension-windowsNavigatorpkg:rpm/almalinux/gnome-shell-extension-workspace-indicatorpkg:rpm/almalinux/gnome-softwarepkg:rpm/almalinux/gnome-software-develpkg:rpm/almalinux/gsettings-desktop-schemaspkg:rpm/almalinux/gsettings-desktop-schemas-develpkg:rpm/almalinux/gtk3pkg:rpm/almalinux/gtk3-develpkg:rpm/almalinux/gtk3-immodule-ximpkg:rpm/almalinux/gtk-update-icon-cachepkg:rpm/almalinux/LibRawpkg:rpm/almalinux/LibRaw-develpkg:rpm/almalinux/mutterpkg:rpm/almalinux/mutter-develpkg:rpm/almalinux/vinopkg:rpm/almalinux/webkit2gtk3pkg:rpm/almalinux/webkit2gtk3-develpkg:rpm/almalinux/webkit2gtk3-jscpkg:rpm/almalinux/webkit2gtk3-jsc-develpkg:rpm/opensuse/gnome-autoar&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/gnome-autoar&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/gnome-autoar&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 0.6.55-2.el8+ 59 more
- (no CPE)range: < 0.6.55-2.el8
- (no CPE)range: < 0.6.55-2.el8
- (no CPE)range: < 0.6.55-2.el8
- (no CPE)range: < 1:40.0-15.el8
- (no CPE)range: < 0.2.3-2.el8
- (no CPE)range: < 3.28.2-2.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.28.2-28.el8
- (no CPE)range: < 3.28.2-28.el8
- (no CPE)range: < 3.28.2-3.el8
- (no CPE)range: < 3.28.2-3.el8
- (no CPE)range: < 3.28.1-13.el8
- (no CPE)range: < 3.28.1-13.el8
- (no CPE)range: < 3.28.1-13.el8
- (no CPE)range: < 3.28.1-13.el8
- (no CPE)range: < 3.32.0-16.el8.alma
- (no CPE)range: < 3.32.2-40.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.32.1-20.el8
- (no CPE)range: < 3.36.1-10.el8
- (no CPE)range: < 3.36.1-10.el8
- (no CPE)range: < 3.32.0-6.el8
- (no CPE)range: < 3.32.0-6.el8
- (no CPE)range: < 3.22.30-8.el8
- (no CPE)range: < 3.22.30-8.el8
- (no CPE)range: < 3.22.30-8.el8
- (no CPE)range: < 3.22.30-8.el8
- (no CPE)range: < 0.19.5-3.el8
- (no CPE)range: < 0.19.5-3.el8
- (no CPE)range: < 3.32.2-60.el8
- (no CPE)range: < 3.32.2-60.el8
- (no CPE)range: < 3.22.0-11.el8
- (no CPE)range: < 2.32.3-2.el8
- (no CPE)range: < 2.32.3-2.el8
- (no CPE)range: < 2.32.3-2.el8
- (no CPE)range: < 2.32.3-2.el8
- (no CPE)range: < 0.2.3-lp152.4.3.1
- (no CPE)range: < 0.2.3-3.3.1
- (no CPE)range: < 0.2.2-3.5.1
Patches
1adb067e64573Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202105-10mitrevendor-advisoryx_refsource_GENTOO
- gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429mitrex_refsource_MISC
- gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.