The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
git-extras project git-extras 1.7.0 |