Path traversal mitigation bypass in OctoRPKI
High severity • GitHub Reviewed • Published Jun 23, 2022 in cloudflare/cfrpki • Updated Oct 2, 2023
Impact
The existing URI path filters in OctoRPKI (version < 1.4.3), which were meant to mitigate a path traversal vulnerability, could be bypassed by an attacker. If a malicious TAL file was parsed, it was possible to write files outside the base cache folder.
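The class of check that defends against this kind of bypass is containment after canonicalization rather than filtering substrings of the URI. The following is an added example, not OctoRPKI's code and not the 1.4.3 patch; `CachePath`, `ErrEscapesBase`, the base directory and the sample URIs are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrEscapesBase reports a URI that resolves outside the cache folder.
var ErrEscapesBase = errors.New("resolved path escapes base cache folder")

// CachePath (hypothetical helper) maps a repository URI to a path inside baseDir.
func CachePath(baseDir, rawURI string) (string, error) {
	u, err := url.Parse(rawURI)
	if err != nil {
		return "", err
	}
	if (u.Scheme != "rsync" && u.Scheme != "https") || u.Host == "" {
		return "", fmt.Errorf("unsupported URI %q", rawURI)
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// u.Path is already percent-decoded, so encoded dot segments are
	// resolved by Join/Clean here instead of slipping past a string filter.
	candidate := filepath.Join(base, u.Host, filepath.FromSlash(u.Path))
	// Compare against the base after cleaning. Rel avoids the prefix-match
	// mistake where /cache/rpki-other looks like it is under /cache/rpki.
	rel, err := filepath.Rel(base, candidate)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesBase
	}
	// Lexical check only: symlinks inside baseDir are not resolved here.
	return candidate, nil
}

func main() {
	for _, uri := range []string{ // constructed sample URIs
		"rsync://rpki.example.net/repo/ca.cer",
		"rsync://rpki.example.net/repo/%2e%2e/%2e%2e/%2e%2e/out",
	} {
		p, err := CachePath("/var/cache/rpki", uri)
		fmt.Printf("%s -> %q, err=%v\n", uri, p, err)
	}
}
```

Because the check is lexical, a writer that also has to tolerate symlinks inside the cache folder needs to resolve them before the comparison.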
Specific Go Packages Affected
github.com/cloudflare/cfrpki/cmd/octorpki
Patches
The issue was fixed in version 1.4.3.
References
CVE-2021-3907