CVE-2020-35883
CRITICALmozwire < 0.4.1 and >=0 <0.5.0 - Path Traversal via .conf File Overwrite
Title source: llmDescription
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://rustsec.org/advisories/RUSTSEC-2020-0030.html
Scores
CVSS v3
9.1
EPSS
0.0151
EPSS Percentile
71.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
crates.io/mozwire
0 - 0.5.0crates.io
mozwire_project/mozwire
< 0.4.1
Published
Dec 31, 2020
Tracked Since
Feb 18, 2026