Directory traversal vulnerability in GNUMP3D prior to 2.9.6 allows remote malicious users to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu gnump3d 2.9.3 |
||
gnu gnump3d 2.9.4 |
||
gnu gnump3d 2.9.5 |
||
gnu gnump3d 2.9 |
||
gnu gnump3d 2.9.1 |
||
gnu gnump3d 2.9.2 |