CVE-2018-12907

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-12907

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12907.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-12907

Published

2018-06-27T13:29:00.263Z

Modified

2026-04-10T04:05:10.979719Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue.

References

Affected packages

Git / github.com/rclone/rclone

Affected ranges

Type

GIT

Repo

https://github.com/rclone/rclone

Events

Introduced

Last affected

a9adb4389628c086c0183c8daa1c8a59004f08b6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.42"
        }
    ]
}

Affected versions

v0.*

v0.90

v0.91

v0.92

v0.93

v0.94

v0.95

v0.96

v0.97

v0.98

v0.99

v1.*

v1.00

v1.01

v1.03

v1.04

v1.05

v1.06

v1.07

v1.08

v1.09

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.20

v1.21

v1.22

v1.23

v1.24

v1.25

v1.26

v1.27

v1.28

v1.29

v1.29-1-gbb75d80

v1.30

v1.31

v1.32

v1.33

v1.34

v1.35

v1.36

v1.37

v1.38

v1.39

v1.40

v1.41

v1.42

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12907.json"