An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-

diffoscope Path Traversal vulnerability

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago

Identifiers: GHSA-33w6-hvmq-gh4x, CVE-2024-25711
References: Blast Radius: 0.0

Affected Packages

Dependent packages: 2
Dependent repositories: 25
Downloads: 6,584 last month
Affected Version Ranges: >= 0, < 256
Fixed in: 256
All affected versions:
All unaffected versions: