MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2aHctNHJ3Ny1qZnB2

Critical EPSS: 0.00417% (0.60526 Percentile) EPSS:

Permalink JSON

Path traversal in mozwire

Affected Packages	Affected Versions	Fixed Versions
cargo:mozwire	< 0.5.0	0.5.0
0 Dependent packages 0 Dependent repositories 15,608 Downloads total Affected Version Ranges All affected versions 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1 All unaffected versions 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.7.0, 0.8.1

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-35883
https://github.com/NilsIrl/MozWire/issues/14
https://rustsec.org/advisories/RUSTSEC-2020-0030.html
https://github.com/NilsIrl/MozWire/pull/17/commits/dd0639bf2876773b66382f47285f7db701f628d9
https://github.com/advisories/GHSA-4vhw-4rw7-jfpv

Identifiers

GHSA-4vhw-4rw7-jfpv

CVE-2020-35883

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.00417

EPSS Percentile: 0.60526

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/NilsIrl/MozWire

Date and time

Published

almost 4 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories