Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Creation of files outside the Download Folder through malicious PAR2 files
Vulnerability Description
SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
相对路径遍历
Vulnerability Title
SABnzbd 安全漏洞
Vulnerability Description
sabnzbd是一个应用软件。一个Python编写的开源二进制新闻阅读器。 SABnzbd 3.2.1RC1 存在安全漏洞,该漏洞源于可以欺骗filessystem .renamer()函数,通过恶意PAR2文件将已下载的文件写入配置的下载文件夹之外。
CVSS Information
N/A
Vulnerability Type
N/A