Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote malicious users to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
arj software arj archiver |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 20 |