Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-06T16:00:00
Updated: 2024-08-05T15:25:49.028Z
Reserved: 2017-02-22T00:00:00
Link: CVE-2017-6200
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-06T16:29:00.790
Modified: 2024-11-21T03:29:14.687
Link: CVE-2017-6200
Redhat
No data.