source: wwwsecurityfocuscom/bid/1523/info
The cvs client blindly trust paths returned to it by the server Therefore, a cvs client could be tricked into creating a file anywhere on the system by a malicious server
This problem can be tested yourself as follows Although this example
runs a faked cvs server using the :ext: method, this ...