You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Low severity
GitHub Reviewed
Published
Feb 14, 2022
in
cloudflare/cfrpki
•
Updated Nov 7, 2023
In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory.
Impact
In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory.
Patches
No patch release has been made
References