CVE-2021-28650
17.03.2021, 06:15
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnome | gnome-autoar | 𝑥 < 0.3.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| gnome-autoar-devel |
| ||||||||||||||||||||||||
| libgnome-autoar-0-0 |
| ||||||||||||||||||||||||
| libgnome-autoar-gtk-0-0 |
| ||||||||||||||||||||||||
| typelib-1_0-GnomeAutoar-0_1 |
| ||||||||||||||||||||||||
| typelib-1_0-GnomeAutoarGtk-0_1 |
|
Red Hat Enterprise Linux Releases
References