koji@1.16.1 vulnerabilities
Koji is a system for building and tracking RPMS. The base package contains shared libraries and the command-line interface.
-
latest version
1.34.0
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
4 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the koji package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
koji is a system for building and tracking RPMS. Affected versions of this package are vulnerable to Directory Traversal due to insufficient upload path validation. An attacker with credentials could choose an arbitrary destination for the uploaded file, resulting with Privilege Escalation. Note: the legacy-py24 branch is unaffected since it is client-only (no hub) How to fix Directory Traversal? Upgrade |
[,1.14.3)
[1.15.0,1.15.3)
[1.16.0,1.16.3)
[1.17.0,1.17.1)
[1.18.0,1.18.1)
|