CVE-2024-10389 Affecting govulncheck-vulndb package, versions <0.0.20241112T145010-150000.1.17.1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES155-GOVULNCHECKVULNDB-8421532
- published 26 Nov 2024
- disclosed 22 Nov 2024
How to fix?
Upgrade SLES:15.5 govulncheck-vulndb to version 0.0.20241112T145010-150000.1.17.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream govulncheck-vulndb package and not the govulncheck-vulndb package as distributed by SLES.
See How to fix? for SLES:15.5 relevant fixed versions and status.
There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc