mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
781 B
781 B
CVE-2019-13636
Description
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
POC
Reference
- http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html
- https://github.com/irsl/gnu-patch-vulnerabilities
- https://seclists.org/bugtraq/2019/Aug/29