Security Vulnerability report #183
Comments
|
I've enabled private vulnerability reporting for the repository. You should be able to report at https://github.com/ib/xarchiver/security. If it doesn't work, please let me know. I'll have to re-check the configuration for private vulnerability reporting then. |
Hey, just reported the vulnerability there. edit: Sorry for the late response, was busy last week and didn't notice your reply. |
ib
added a commit
that referenced
this issue
Dec 27, 2023
All cpio versions up to and including 2.12 are vulnerable to path traversal with maliciously crafted cpio archives. This closes github issue #183, reported by febinrev.
|
Fixed. Thank you for reporting. |
|
Thanks!
…On Wed, 27 Dec, 2023, 5:22 pm Ingo Brückl, ***@***.***> wrote:
Fixed. Thank you for reporting.
—
Reply to this email directly, view it on GitHub
<#183 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AMOPJUTTR5FDEX77PSQATJLYLQDYNAVCNFSM6AAAAAA63ISUJCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZQGIZTMMRYGA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am a security researcher, and I have found a security vulnerability in Xarchiver and the vulnerability is capable of Remote Command Execution upon extracting a crafted Archive.
I would like to safely disclose the details about the vulnerability to the devs, please provide me with the right contact information to report the bug.
My Email: febin.sec@gmail.com
Thanks,
Febin
The text was updated successfully, but these errors were encountered: