CVE-2017-0359: Diffoscope may write to arbitrary locations due to an untrusted archive
diffoscope before 76 writes to arbitrary locations on disk based on the contents of an untrusted archive.
References
- bugs.debian.org/854723
- bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723
- github.com/advisories/GHSA-8p5c-f328-9fvv
- github.com/anthraxx/diffoscope
- github.com/anthraxx/diffoscope/commit/632a40828a54b399787c25e7fa243f732aef7e05
- github.com/anthraxx/diffoscope/commit/f379d1f611dbd5d361e12b732e07c8aee45ff226
- github.com/pypa/advisory-database/tree/main/vulns/diffoscope/PYSEC-2018-83.yaml
- nvd.nist.gov/vuln/detail/CVE-2017-0359
- security-tracker.debian.org/tracker/CVE-2017-0359