Safearchive Path Traversal Vulnerability on Case-Insensitive Filesystems
CVE-2024-10389 Published on November 4, 2024
Path Traversal in Safearchive
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2024-10389 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2024-10389
Want to know whenever a new CVE is published for Google Safearchive? stack.watch will email you.
Affected Versions
Google Safearchive:- Before f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.