Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
{ "binaries": [ { "binary_name": "patch", "binary_version": "2.7.1-4ubuntu2.3" }, { "binary_name": "patch-dbgsym", "binary_version": "2.7.1-4ubuntu2.3" } ], "availability": "No subscription required" }