diffoscope@202 vulnerabilities
in-depth comparison of files, archives, and directories
-
latest version
267
-
latest non vulnerable version
-
first published
9 years ago
-
latest version published
a day ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the diffoscope package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
diffoscope is a tool to get to the bottom of what makes files or directories different. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of embedded filenames in GPG files. An attacker can disclose the contents of any file on the system, such as sensitive SSH private keys, by crafting a GPG file that specifies a path traversal in the embedded filename. This vulnerability leverages the How to fix Directory Traversal? Upgrade |
[,256)
|