Vulnerability Details CVE-2017-1000026
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2017-1000026
-
cpe:2.3:a:progress:mixlib-archive:-
-
cpe:2.3:a:progress:mixlib-archive:0.1.0
-
cpe:2.3:a:progress:mixlib-archive:0.2.0
-
cpe:2.3:a:progress:mixlib-archive:0.3.0