autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
References
Link | Resource |
---|---|
https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 | Patch Vendor Advisory |
https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 | Exploit Issue Tracking Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/ | |
https://security.gentoo.org/glsa/202105-10 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Apr 2022, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
References | (GENTOO) https://security.gentoo.org/glsa/202105-10 - Third Party Advisory |
26 May 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2021, 01:50
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
20 Mar 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Feb 2021, 00:06
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:a:gnome:gnome-autoar:*:*:*:*:*:*:*:* | |
References | (MISC) https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 - Exploit, Issue Tracking, Vendor Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 - Patch, Vendor Advisory | |
CWE | CWE-59 |
05 Feb 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-05 14:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-36241
Mitre link : CVE-2020-36241
CVE.ORG link : CVE-2020-36241
JSON object : View
Products Affected
gnome
- gnome-autoar
fedoraproject
- fedora