CVS 1.11.x prior to 1.11.17, and 1.12.x prior to 1.12.9, allows remote malicious users to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu cvs |