CVE-2017-15607: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

December 1, 2017 (updated December 15, 2017)

Inedo Otter has directory traversal in filesystem-based rafts via vectors involving ‘/’ characters or initial ‘.’ characters, aka OT-181.

References

inedo.com/blog/otter-174-released
inedo.myjetbrains.com/youtrack/issue/OT-181
nvd.nist.gov/vuln/detail/CVE-2017-15607

Detect and mitigate CVE-2017-15607 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →