CVE-2024-10389
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Nov 4, 2024
CWE ID 427
Summary
CVE-2024-10389 is a newly disclosed Path Traversal vulnerability that affects Safearchive on systems utilizing case-insensitive filesystems, such as NTFS. By exploiting this weakness, attackers can write arbitrary files through archive extraction, which involves the manipulation of symbolic links. This issue poses a significant risk, as unauthorized file creation can lead to serious data breaches or system compromise. It is strongly advised to upgrade past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share