Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki

Low severity GitHub Reviewed Published Feb 14, 2022 in cloudflare/cfrpki • Updated Nov 7, 2023

Package

gomod github.com/cloudflare/cfrpki (Go)

Affected versions

<= 1.4.2

Patched versions

1.4.3

Description

Impact

If octorpki parses a malicious TAL file that points to a repository serving a malicious ROA file, and octorpki downloads that file, the current directory traversal mitigation can be bypassed, allowing writes outside of the current directory.
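
A defensive pattern for this class of issue, as an added example (not code from cfrpki or from this advisory): map a repository-supplied URI to a local path and accept it only if the cleaned result is still below the cache directory. `LocalPathFor`, `ErrOutsideBase`, the host name and `/var/cache/rpki` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrOutsideBase: the URI resolves to the base directory itself or outside it.
var ErrOutsideBase = errors.New("path resolves outside base directory")

// LocalPathFor maps a repository URI to a file path under baseDir.
// Hypothetical helper for illustration; not octorpki's API.
func LocalPathFor(baseDir, rawURI string) (string, error) {
	u, err := url.Parse(rawURI)
	if err != nil {
		return "", err
	}
	if u.Scheme != "rsync" && u.Scheme != "https" {
		return "", fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// u.Path is percent-decoded, so encoded dot segments are resolved by Join as well.
	candidate := filepath.Join(base, u.Host, filepath.FromSlash(u.Path))
	// Judge the final cleaned path, not the raw input: it must sit strictly below base.
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return candidate, nil
}

func main() {
	// Constructed sample URIs; the host name is a placeholder.
	for _, uri := range []string{
		"rsync://rpki.example.net/repo/a.roa",
		"rsync://rpki.example.net/repo/%2e%2e/%2e%2e/%2e%2e/a.roa",
	} {
		p, err := LocalPathFor("/var/cache/rpki", uri)
		fmt.Printf("%-58s -> %q, %v\n", uri, p, err)
	}
}
```

The check is lexical: it does not resolve symbolic links that already exist under the base directory.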

Patches

No patch release has been made

References

@dhaynespls dhaynespls published to cloudflare/cfrpki Feb 14, 2022
Published to the GitHub Advisory Database Feb 14, 2022
Reviewed Feb 14, 2022
Last updated Nov 7, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-8459-6rc9-8vf8
