Impact
The existing URI path filters in OctoRPKI (version < 1.4.3) mitigating Path traversal vulnerability could be bypassed by an attacker. In case a malicious TAL file is parsed, it was possible to write files outside the base cache folder.
Patches
The issue was fixed in version 1.4.3
References
References
- https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3jhm-87m6-x959
- https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
- https://nvd.nist.gov/vuln/detail/CVE-2021-3907
- https://github.com/cloudflare/cfrpki/releases/tag/v1.4.3
- https://github.com/advisories/GHSA-3jhm-87m6-x959