CVE-2020-35883: Path traversal in mozwire

August 25, 2021 (updated February 9, 2023)

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.

References

github.com/NilsIrl/MozWire
github.com/NilsIrl/MozWire/issues/14
github.com/NilsIrl/MozWire/pull/17/commits/dd0639bf2876773b66382f47285f7db701f628d9
github.com/advisories/GHSA-4vhw-4rw7-jfpv
nvd.nist.gov/vuln/detail/CVE-2020-35883
rustsec.org/advisories/RUSTSEC-2020-0030.html

Detect and mitigate CVE-2020-35883 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →