Vulnerability Database

319,703

Total vulnerabilities in the database

Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki

Impact

In the case that a malicious TAL file is parsed pointing to a repository that provides a malicious ROA file which octorpki downloads, it is possible to bypass the current directory traversal mitigation to allow writing outside of the current directory.

Patches

No patch release has been made

Published: Feb 14, 2022
Updated: Apr 14, 2023
GHSA: GHSA-8459-6rc9-8vf8
Severity: Low
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
github.com/cloudflare/cfrpki/cmd/octorpki	-	1.4.2.x

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8459-6rc9-8vf8

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo