Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-

diffoscope Path Traversal vulnerability

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

Permalink: https://github.com/advisories/GHSA-33w6-hvmq-gh4x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago


Identifiers: GHSA-33w6-hvmq-gh4x, CVE-2024-25711
References: Blast Radius: 0.0

Affected Packages

pypi:diffoscope
Dependent packages: 2
Dependent repositories: 25
Downloads: 6,584 last month
Affected Version Ranges: >= 0, < 256
Fixed in: 256
All affected versions:
All unaffected versions: