CVE-2016-10100

MEDIUM

Borg <1.0.9 - Code Injection

Title source: llm

Description

Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.

References (2)

[Mitigation, Vendor Advisory] http://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95203

Scores

CVSS v3 5.3

EPSS 0.0029

EPSS Percentile 52.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-20

Status published

Affected Products (2)

borg/borg < 1.0.8

n/a/n/a

Timeline

Published Jan 02, 2017

Tracked Since Feb 18, 2026