
Commit c44ccaf

1 parent d9bcc68 commit c44ccaf


1 file changed

+30
-5
lines changed


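--- a/advisories/unreviewed/2026/03/GHSA-rpqr-j937-6qr9/GHSA-rpqr-j937-6qr9.json
+++ b/advisories/github-reviewed/2026/03/GHSA-rpqr-j937-6qr9/GHSA-rpqr-j937-6qr9.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rpqr-j937-6qr9",
-"modified": "2026-03-03T15:31:41Z",
+"modified": "2026-03-04T20:25:40Z",
 "published": "2026-03-03T15:31:41Z",
 "aliases": [
 "CVE-2026-28518"
 ],
+"summary": "OpenViking contains a Path Traversal vulnerability",
 "details": "OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names to overwrite or create arbitrary files with the importing process privileges.",
 "severity": [
 {
@@ -14,10 +15,30 @@
 },
 {
 "type": "CVSS_V4",
-"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+}
+],
+"affected": [
+{
+"package": {
+"ecosystem": "PyPI",
+"name": "openviking"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"last_affected": "0.2.1"
+}
+]
+}
+]
 }
 ],
-"affected": [],
 "references": [
 {
 "type": "ADVISORY",
@@ -31,6 +52,10 @@
 "type": "WEB",
 "url": "https://github.com/volcengine/OpenViking/commit/46b3e76e28b9b3eee73693720c9ec48820228b72"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/volcengine/OpenViking"
+},
 {
 "type": "WEB",
 "url": "https://www.vulncheck.com/advisories/openviking-ovpack-import-zip-slip-path-traversal"
@@ -41,8 +66,8 @@
 "CWE-22"
 ],
 "severity": "HIGH",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2026-03-04T20:25:40Z",
 "nvd_published_at": "2026-03-03T15:16:20Z"
 }
 }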
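Review bot: The added `affected` range closes with `{"last_affected": "0.2.1"}` rather than a `fixed` event, so consumers matching on PyPI versions learn that 0.2.1 is vulnerable but not which release is safe to upgrade to, and any release cut after 0.2.1 is treated as unaffected whether or not it actually contains commit 46b3e76. This is presumably because no fixed release had been identified at review time; once one is confirmed, the event should become `{"fixed": "<FIRST_FIXED_VERSION>"}`. The new `summary` is also generic and could name the affected feature, for example `"summary": "OpenViking path traversal (Zip Slip) in .ovpack import allows arbitrary file write"`, so the entry is distinguishable in scanner output and triage queues.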
