Moderate severityNVD Advisory· Published Nov 4, 2024· Updated Nov 21, 2024
Path Traversal in Safearchive
CVE-2024-10389
Description
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/google/safearchiveGo | < 0.0.0-20241025131057-f7ce9d7b6f9c | 0.0.0-20241025131057-f7ce9d7b6f9c |
Affected products
7- ghsa-coords6 versionspkg:golang/github.com/google/safearchivepkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 0.0.0-20241025131057-f7ce9d7b6f9c+ 5 more
- (no CPE)range: < 0.0.0-20241025131057-f7ce9d7b6f9c
- (no CPE)range: < 0.0.20241112T145010-150000.1.17.1
- (no CPE)range: < 0.0.20241112T145010-150000.1.17.1
- (no CPE)range: < 0.0.20241106T172143-1.1
- (no CPE)range: < 0.0.20241112T145010-150000.1.17.1
- (no CPE)range: < 0.0.20241112T145010-150000.1.17.1
- Google/Safearchivev5Range: 0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.