CVE-2023-27534
CVE Details
Last Update
11/7/2024
NIST CVE Summary
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
Our Official Summary
This vulnerability is reported on several 3rd party images used by the product. We are waiting on an upstream fix from the vendor. If the vulnerability is exploited, impact is low for the products using these images.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX airgap 4.4.14
- Palette VerteX 4.5.3, 4.5.8
- Palette Enterprise 4.5.3, 4.5.8
Revision History
- 1.0 08/16/2024 Initial Publication
- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
- 3.0 10/14/2024 Added Palette VerteX and Palette Enterprise 4.5.3 to Affected Products
- 4.0 11/7/2024 Added Palette Enterprise & Palette VerteX 4.5.8 to Affected Products