CVE Daily

CVE-2024-10389

There exists a Path Traversal vulnerability in Safearchive on Platforms with Cas...

High CVSS 7.5

Overview

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commitΒ f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc

CWE: CWE-427 Published: 2024-11-04T11:15:04.647
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: path (tag impact: MODERATE)

Recommended actions:

  • Canonicalize path; block `..` traversal; use allowlists.

Recommended tools

Tags