OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cloudflare

Published: 2021-11-11T21:45:16.585289Z

Updated: 2024-09-17T03:18:30.852Z

Reserved: 2021-10-26T00:00:00

Link: CVE-2021-3907

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-11T22:15:07.820

Modified: 2024-11-21T06:22:45.000

Link: CVE-2021-3907

cve-icon Redhat

No data.