Unquoted Windows binary path

Low
tananaev published GHSA-j75r-7qm5-62q5 Feb 2, 2021

Package

No package listed

Affected versions

< 4.12

Patched versions

4.12

Description

Impact

Only Windows versions are impacted. An attacker needs write access to the filesystem on the host machine. If the Java path includes a space, the attacker can elevate their privileges to those of the Traccar service (system).

Patches

A patch has been merged and will be released with version 4.12.

Workarounds

Manually add quotes to the service path.
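
To find where the workaround applies, the PowerShell below lists services whose executable path contains a space but is not quoted, and prints the quoted value to set. It is an added example, not code from the Traccar project or this advisory; the function names are hypothetical and the sample paths are constructed.

```powershell
# Added example: audit service binary paths for missing quotes.
# Heuristic: the executable portion is everything up to the first ".exe".

function Get-ServiceExePortion {
    # Returns the executable portion of an unquoted path, or $null when the
    # path is already quoted or does not point at an .exe (e.g. drivers).
    param([Parameter(Mandatory)][string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return $null }
    if ($p -match '^(?<exe>.+?\.exe)(?<args>\s.*)?$') { return $Matches['exe'] }
    return $null
}

function Get-QuotedImagePath {
    # Returns the corrected path (quotes around the executable, arguments
    # left untouched), or $null when no change is needed.
    param([Parameter(Mandatory)][string]$ImagePath)
    $exe = Get-ServiceExePortion $ImagePath
    if (-not $exe -or -not $exe.Contains(' ')) { return $null }
    $rest = $ImagePath.Trim().Substring($exe.Length)
    return '"' + $exe + '"' + $rest
}

# Constructed sample values (not taken from a real host or from the advisory).
$samples = @(
    'C:\Program Files\ExampleApp\jre\bin\java.exe -jar app.jar',
    '"C:\Program Files\ExampleApp\jre\bin\java.exe" -jar app.jar',
    'C:\Windows\System32\svchost.exe -k netsvcs'
)
foreach ($s in $samples) {
    $fix = Get-QuotedImagePath $s
    if ($fix) { "UNQUOTED: $s`n  suggest: $fix" } else { "ok:       $s" }
}

# Live audit: report every installed service that needs quoting.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName } |
    ForEach-Object {
        $fix = Get-QuotedImagePath $_.PathName
        if ($fix) {
            [pscustomobject]@{ Name = $_.Name; RunsAs = $_.StartName
                               Current = $_.PathName; Suggested = $fix }
        }
    }
```

Only the first sample is reported; the second is already quoted and the third has no space in its executable path. The script changes nothing on the host, so the suggested value still has to be applied to the service path by hand.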

References

More information about the vulnerability type:

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-21292

Weaknesses

No CWEs

Credits