NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt |
History
No history.
MITRE
Status: PUBLISHED
Assigner: NLnet Labs
Published: 2023-09-13T14:24:08.907Z
Updated: 2024-08-02T18:18:09.984Z
Reserved: 2023-08-07T11:55:17.843Z
Link: CVE-2023-39916
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-13T15:15:07.837
Modified: 2023-09-19T04:05:17.463
Link: CVE-2023-39916
Redhat
No data.