CVE-2024-10389 MEDIUM

CVE-2024-10389: Path Traversal in Safearchive

Vendor Google
Product Safearchive
Weakness CWE-427
Published November 4, 2024
Last update November 21, 2024

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/AU:Y/R:U/V:D/RE:L/U:Green

What the vulnerability does

01 Description

A path traversal vulnerability exists in Safearchive on platforms with case-insensitive filesystems (e.g., NTFS). It allows attackers to write arbitrary files via extraction of archives containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc.

Key dates

02 Disclosure timeline

November 4, 2024 CVE published
November 21, 2024 Record updated