The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microfocus
Published: 2017-12-08T00:00:00
Updated: 2021-01-06T16:15:51
Reserved: 2017-09-27T00:00:00
Link: CVE-2017-14804
JSON object: View
NVD Information
Status : Modified
Published: 2018-03-01T20:29:00.413
Modified: 2023-11-07T02:39:13.180
Link: CVE-2017-14804
JSON object: View
Redhat Information
No data.