GHSA-4jvx-93h3-f45h: OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
This advisory has been withdrawn.
References
- github.com/OpenC3/cosmos
- github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5
- github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42
- github.com/OpenC3/cosmos/releases/tag/v6.10.5
- github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3
- github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h
- github.com/advisories/GHSA-4jvx-93h3-f45h