VYPR
Medium severity4.3NVD Advisory· Published May 7, 2021· Updated Jun 17, 2026

CVE-2021-29488

CVE-2021-29488

Description

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer() function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • sabnzbd/SABnzbdllm-fuzzy2 versions
    <3.2.1RC1+ 1 more
    • (no CPE)range: <3.2.1RC1
    • (no CPE)range: < 3.2.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.