What is CVE-2015-2060?

CVE-2015-2060 is a medium-severity vulnerability in Cabextract_project Cabextract, classified under Path Traversal. CVSS score: 5.3/10. Published 2019-11-29.

How severe is CVE-2015-2060?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Path Traversal in Cabextract_project Cabextract

CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.023 (81.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

CWE-22 — Path Traversal

References

cve@mitre.org (Exploit, Mailing List, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Mailing List, Third Party Advisory, x_refsource_MISC, Mitigation)
cve@mitre.org (Mailing List, Third Party Advisory, x_refsource_MISC, Mitigation)
cve@mitre.org (x_refsource_MISC, Vendor Advisory)
cve@mitre.org (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
cve@mitre.org (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
cve@mitre.org (x_refsource_MISC, Broken Link)

Frequently asked questions

What is CVE-2015-2060?: CVE-2015-2060 is a medium-severity vulnerability in Cabextract_project Cabextract, classified under Path Traversal. CVSS score: 5.3/10. Published 2019-11-29.
How severe is CVE-2015-2060?: Medium severity. CVSS v3 base score is 5.3 out of 10.