Security Vulnerability report #183
Comments
I've enabled private vulnerability reporting for the repository. You should be able to report at https://github.com/ib/xarchiver/security. If it doesn't work, please let me know. I'll have to re-check the configuration for private vulnerability reporting then.
Hey, just reported the vulnerability there. edit: Sorry for the late response, was busy last week and didn't notice your reply.
All cpio versions up to and including 2.12 are vulnerable to path traversal with maliciously crafted cpio archives. This closes github issue #183, reported by febinrev.
Fixed. Thank you for reporting.
Thanks!
On Wed, 27 Dec, 2023, 5:22 pm Ingo Brückl, ***@***.***> wrote:
> Fixed. Thank you for reporting.
I am a security researcher, and I have found a security vulnerability in Xarchiver and the vulnerability is capable of Remote Command Execution upon extracting a crafted Archive.
I would like to safely disclose the details about the vulnerability to the devs, please provide me with the right contact information to report the bug.
My Email: febin.sec@gmail.com
Thanks,
Febin