Sandstorm Development Group, Inc. and contributors

1 exploit Active since Feb 2018
CVE-2017-6200 WRITEUP MEDIUM WRITEUP
Sandstorm < 0.203 - Unauthenticated Arbitrary File Read via Backup Function
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
CVSS 6.5