cve/CVE-2023-27534.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.

POC

Reference

No PoCs from references.

Github

https://github.com/1g-v/DevSec_Docker_lab
https://github.com/L-ivan7/-.-DevSec_Docker
https://github.com/NaInSec/CVE-LIST
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/fokypoky/places-list

1.1 KiB Raw Blame History

CVE-2023-27534

Description

POC

Reference

Github

1.1 KiB

Raw Blame History