CVE-2017-6200

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-6200

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6200.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-6200

Published

2018-02-06T16:29:00.790Z

Modified

2026-04-10T04:00:40.614376Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.

References

Affected packages

Git / github.com/sandstorm-io/sandstorm

Affected ranges

Type

GIT

Repo

https://github.com/sandstorm-io/sandstorm

Events

Introduced

Fixed

de824e86b13e1acc2129b80911520de6068ba2ea

Fixed

4ea8df7403381d9b657b121b3c98d8081b27414d

Fixed

6e8572ea8bb56d0216bb1b410e5040edc051b120

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.203"
        }
    ]
}

Affected versions

v0.*

v0.101

v0.102

v0.103

v0.104

v0.105

v0.106

v0.107

v0.108

v0.109

v0.11

v0.110

v0.111

v0.112

v0.113

v0.114

v0.115

v0.116

v0.117

v0.119

v0.12

v0.120

v0.121

v0.122

v0.126

v0.127

v0.128

v0.129

v0.13

v0.130

v0.131

v0.132

v0.133

v0.134

v0.135

v0.136

v0.137

v0.138

v0.139

v0.14

v0.140

v0.141

v0.142

v0.143

v0.144

v0.145

v0.146

v0.147

v0.148

v0.149

v0.15

v0.150

v0.151

v0.152

v0.154

v0.155

v0.156

v0.157

v0.158

v0.159

v0.16

v0.160

v0.161

v0.162

v0.163

v0.164

v0.165

v0.166

v0.167

v0.168

v0.169

v0.170

v0.171

v0.172

v0.173

v0.174

v0.175

v0.176

v0.177

v0.178

v0.179

v0.18

v0.180

v0.181

v0.182

v0.183

v0.184

v0.185

v0.186

v0.187

v0.188

v0.189

v0.19

v0.190

v0.191

v0.192

v0.193

v0.194

v0.195

v0.196

v0.197

v0.198

v0.199

v0.20

v0.200

v0.201

v0.202

v0.21

v0.22

v0.23

v0.24

v0.25

v0.26

v0.27

v0.28

v0.29

v0.30

v0.31

v0.32

v0.33

v0.35

v0.36

v0.37

v0.38

v0.39

v0.40

v0.41

v0.42

v0.46

v0.47

v0.48

v0.49

v0.5

v0.50

v0.51

v0.52

v0.53

v0.54

v0.55

v0.56

v0.57

v0.58

v0.59

v0.6

v0.60

v0.61

v0.62

v0.63

v0.64

v0.65

v0.66

v0.67

v0.68

v0.69

v0.7

v0.70

v0.71

v0.72

v0.73

v0.74

v0.75

v0.76

v0.77

v0.78

v0.79

v0.8

v0.80

v0.81

v0.82

v0.83

v0.84

v0.85

v0.86

v0.87

v0.88

v0.89

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6200.json"