{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/chrome?revision=200603&view=revision"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"}, {"name": "oval:org.mitre.oval:def:18381", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18381"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://crbug.com/181617"}, {"name": "DSA-2741", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2741"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2013-2900", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://src.chromium.org/viewvc/chrome?revision=200603&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/chrome?revision=200603&view=revision"}, {"name": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"}, {"name": "oval:org.mitre.oval:def:18381", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18381"}, {"name": "http://crbug.com/181617", "refsource": "CONFIRM", "url": "http://crbug.com/181617"}, {"name": "DSA-2741", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2741"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:52:21.155Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://src.chromium.org/viewvc/chrome?revision=200603&view=revision"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"}, {"name": "oval:org.mitre.oval:def:18381", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18381"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://crbug.com/181617"}, {"name": "DSA-2741", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2741"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2013-2900", "datePublished": "2013-08-21T10:00:00.000Z", "dateReserved": "2013-04-11T00:00:00.000Z", "dateUpdated": "2024-08-06T15:52:21.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5F7E1EE-34F6-4ACD-8CB2-8E1E2C697167", "versionEndIncluding": "29.0.1547.56", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*", "matchCriteriaId": "A205F4A9-C759-4EDE-A220-4E8254FDF710", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*", "matchCriteriaId": "2691B40B-0780-4273-89A2-D4A27C9F6DDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A5E5187-F8DC-4ABC-8553-708863184E06", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*", "matchCriteriaId": "29895241-7320-4A63-9F5D-63DCDB746FA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*", "matchCriteriaId": "29FC1D63-65E6-4A74-9A35-DF163695B02F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*", "matchCriteriaId": "EE4086C4-32FF-47B9-8028-976961465485", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*", "matchCriteriaId": "96815460-04C1-4149-8816-7752E179982E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*", "matchCriteriaId": "CFBCA972-CA9A-45BF-BE23-783EAA57B77E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*", "matchCriteriaId": "A5B57105-A7FD-4C2D-AFA8-852372E18588", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*", "matchCriteriaId": "3DA34F38-99D6-475E-8E2B-FB5A8476B64E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*", "matchCriteriaId": "C97CA451-8E54-4E8E-A016-F0B35898AC11", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*", "matchCriteriaId": "C4994EC6-189A-469C-93B5-A937C00417DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*", "matchCriteriaId": "4AD3ACF2-C0FE-48DF-818B-85145B0FC1BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*", "matchCriteriaId": "9636B493-5817-4FB6-9DC5-B90B00352633", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*", "matchCriteriaId": "DFDF5FF9-232E-4639-A9B7-3EED34473189", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C0520DA-59C7-439B-B844-3E4205D5F183", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*", "matchCriteriaId": "6E124A90-EB96-453E-A144-31B7D0837CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*", "matchCriteriaId": "3EC39D00-0AB3-428D-9ABC-68AD05F25C4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*", "matchCriteriaId": "740A8019-FBED-4CBE-9429-8B704F6AE1F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*", "matchCriteriaId": "E20C7EE2-A0F6-41A0-B253-24C44C2B4504", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*", "matchCriteriaId": "6969D860-2DD9-41C6-832C-9DD9E6ADB641", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*", "matchCriteriaId": "23E7D241-B1EC-4C71-8040-21034EB307E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*", "matchCriteriaId": "9FCE5807-2AC0-4EAC-8254-0DE691BE1D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*", "matchCriteriaId": "4EAC107C-35DD-44A4-A2DC-ACB038DE0A19", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*", "matchCriteriaId": "DD6BE2CA-8D36-4D22-B647-CEB71882BDB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*", "matchCriteriaId": "DA6C1355-357C-496A-AD0A-07147AAB1F87", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*", "matchCriteriaId": "E715A992-AD6C-4108-B72D-2CD8079130D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*", "matchCriteriaId": "378821F6-51E8-46F6-99DA-088AE15CCA88", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*", "matchCriteriaId": "0F65387F-8F24-4F56-AE72-BE3C275738D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*", "matchCriteriaId": "C43A8070-20EF-47AE-AE18-29F84E6DE46C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*", "matchCriteriaId": "16FA0F16-3056-4CF8-AFC9-63646C616834", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*", "matchCriteriaId": "9C4F7F75-26DF-4A4E-BB56-2C1518B444A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*", "matchCriteriaId": "6C623D17-6FA1-4BF4-B97B-C28C1A4FA94B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*", "matchCriteriaId": "C278FCD7-B7D0-423D-ACA8-81E748D68E86", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*", "matchCriteriaId": "A2DB4A78-442D-4C4D-81FE-8839BA1B32F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*", "matchCriteriaId": "7EB94975-2E46-4B37-914F-97EB52E53ABA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*", "matchCriteriaId": "B76A5684-CCE8-4596-95BA-6E885A55F7E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*", "matchCriteriaId": "775E231C-BFE6-4590-9D51-796CA54FF4FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*", "matchCriteriaId": "C091A681-60FB-470F-8D86-E0EEC23B0266", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*", "matchCriteriaId": "C41C427C-CDB7-4E9B-B46A-DED3DCCA16E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*", "matchCriteriaId": "911006E1-8631-4ADB-BD1D-6574EAEC36A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*", "matchCriteriaId": "258CE5FE-41C4-4738-A39F-E1885E070D6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*", "matchCriteriaId": "4134B5DA-59A5-4BE5-8613-F9CC4776A0AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*", "matchCriteriaId": "FFD852DE-41AE-4C9F-898C-79C0B81B2B5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*", "matchCriteriaId": "6975C72C-3499-4DBA-A1D3-56C67077AA03", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*", "matchCriteriaId": "D6CB37BA-E21E-4DD7-AC2C-17D1951AA6AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*", "matchCriteriaId": "B2BAB482-CACD-465D-A007-5377C6FCE784", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*", "matchCriteriaId": "7F3581AF-6A19-42AD-ACA5-C1B8E922BE32", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*", "matchCriteriaId": "8D85AA6D-A0B9-42F1-8F12-686256276F03", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*", "matchCriteriaId": "466AC650-FE2F-427A-AB9B-3E18F5563CE4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name."}, {"lang": "es", "value": "La funcion FilePath::ReferencesParent en files/file_path.cc en Google Chrome anterior a v29.0.1547.57 en Windows no maneja adecuadamente las rutas de los componentes compuestos en su totalidad de. (punto) y espacios en blanco, lo que permite a atacantes remotos realizar ataques transversales de directorio a trav\u00e9s de un nombre de directorio manipulado."}], "id": "CVE-2013-2900", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-21T12:17:56.730", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://crbug.com/181617"}, {"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2013/dsa-2741"}, {"source": "chrome-cve-admin@google.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18381"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/chrome?revision=200603&view=revision"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://crbug.com/181617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18381"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://src.chromium.org/viewvc/chrome?revision=200603&view=revision"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}