What is CVE-2020-36241?

CVE-2020-36241 is a vulnerability in GNOME gnome-autoar through version 0.2.4 that allows Directory Traversal during extraction.

Which software is affected by CVE-2020-36241?

GNOME Shell, Nautilus, and other software that use gnome-autoar version 0.2.4 are affected by CVE-2020-36241.

How severe is CVE-2020-36241?

CVE-2020-36241 has a severity level of medium with a CVSS score of 5.5.

How can CVE-2020-36241 be exploited?

CVE-2020-36241 can be exploited through Directory Traversal by extracting files without checking if the parent directory is a symlink.

Is there a fix for CVE-2020-36241?

Yes, a fix for CVE-2020-36241 is available in the updated version of gnome-autoar.

Vulnerability/
CVE-2020-36241

medium

5.5

CWE

22 59

5/2/2021

4/8/2024

CVE-2020-36241: Path Traversal

First published: Fri Feb 05 2021(Updated: )

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GNOME gnome-autoar	<=0.2.4
Fedoraproject Fedora	=34

Remedy

https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-36241?
CVE-2020-36241 is a vulnerability in GNOME gnome-autoar through version 0.2.4 that allows Directory Traversal during extraction.
Which software is affected by CVE-2020-36241?
GNOME Shell, Nautilus, and other software that use gnome-autoar version 0.2.4 are affected by CVE-2020-36241.
How severe is CVE-2020-36241?
CVE-2020-36241 has a severity level of medium with a CVSS score of 5.5.
How can CVE-2020-36241 be exploited?
CVE-2020-36241 can be exploited through Directory Traversal by extracting files without checking if the parent directory is a symlink.
Is there a fix for CVE-2020-36241?
Yes, a fix for CVE-2020-36241 is available in the updated version of gnome-autoar.

collector/nvd-index
agent/description
agent/references
agent/weakness
agent/author
agent/severity
agent/type
agent/event
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/gnome
canonical/gnome gnome-autoar
version/gnome gnome-autoar/0.2.4
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/34

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.