Vulnerability	Vulnerable Version
H Directory Traversal diffoscope is a tool to get to the bottom of what makes files or directories different. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of embedded filenames in GPG files. An attacker can disclose the contents of any file on the system, such as sensitive SSH private keys, by crafting a GPG file that specifies a path traversal in the embedded filename. This vulnerability leverages the `--use-embedded-filenames` option of GPG, which is incorrectly trusted to specify safe file paths. How to fix Directory Traversal? Upgrade `diffoscope` to version 256 or higher.	[,256)

Directory Traversal

diffoscope is a tool to get to the bottom of what makes files or directories different.

Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of embedded filenames in GPG files. An attacker can disclose the contents of any file on the system, such as sensitive SSH private keys, by crafting a GPG file that specifies a path traversal in the embedded filename. This vulnerability leverages the --use-embedded-filenames option of GPG, which is incorrectly trusted to specify safe file paths.

How to fix Directory Traversal?

Upgrade diffoscope to version 256 or higher.

[,256)

Go back to all versions of this package