Vulnerabilities

CVE-2021-3907

by Fred · 11/11/2021

OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. ../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.

Date published : 2021-11-11

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh

Similar

Tags: Cybersecurity Alert