CVE-2020-24654 log
Source |
|
Severity | High |
Remote | No |
Type | Arbitrary filesystem access |
Description | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1216 | ark | 20.08.0-1 | 20.08.0-2 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
03 Sep 2020 | ASA-202009-2 | AVG-1216 | ark | High | arbitrary filesystem access |
References |
---|
https://kde.org/info/security/advisory-20200827-1.txt https://invent.kde.org/utilities/ark/-/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd |