[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-52522":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":212,"aliases":213,"duplicate_of":9,"upstream":217,"downstream":218,"duplicates":229,"related":230,"reserved_at":9,"published_at":241,"modified_at":242,"state":243,"summary":244,"references_raw":253,"kevs":278,"epss":279,"epss_history":282,"metrics":550,"affected":563},"CVE-2024-52522","Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.",null,[11,195,207],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"_key":196,"id":196,"name":197,"description":198,"type":15,"status":199,"abstraction":200,"likelihood_of_exploit":201,"capec":202},"CWE-61","UNIX Symbolic Link (Symlink) Following","The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.","Incomplete","Compound","High",[203],{"id":204,"name":205,"techniques":206},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"_key":208,"id":208,"name":209,"description":210,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":211},"CWE-281","Improper Preservation of Permissions","The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.",[],[],[214,215,216],"GHSA-hrxh-9w67-g4cv","BIT-rclone-2024-52522","GO-2024-3271",[],[219,221,223,225,227],{"_key":220},"OPENSUSE-SU-2024:14513-1",{"_key":222},"OPENSUSE-SU-2024:14524-1",{"_key":224},"DEBIAN-CVE-2024-52522",{"_key":226},"MGASA-2026-0147",{"_key":228},"UBUNTU-CVE-2024-52522",[],[231,232,233,235,237,239],{"_key":220},{"_key":222},{"_key":234},"CGA-4FG9-28H4-5HQF",{"_key":236},"CGA-5J4X-PPM9-WVX5",{"_key":238},"CGA-VVPR-MXW9-7365",{"_key":240},"CGA-8H7W-GQ43-QR33","2024-11-15T17:15:43.357Z","2024-11-21T14:56:00.193Z","Deferred",{"cisa_kev":245,"cisa_ransomware":245,"cisa_vendor":9,"epss_severity":246,"epss_score":247,"severity":248,"severity_score":249,"severity_version":250,"severity_source":251,"severity_vector":252,"severity_status":243},false,"low",0.00028,"medium",5.4,"v4.0","cve.org","CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",[254,262,268,273],{"url":255,"sources":256,"tags":259},"https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv",[251,257,258],"nvd","osv_go",[260,261],"X Refsource CONFIRM","WEB",{"url":263,"sources":264,"tags":265},"https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0",[251,257,258],[266,261,267],"X Refsource MISC","FIX",{"url":269,"sources":270,"tags":271},"https://nvd.nist.gov/vuln/detail/CVE-2024-52522",[258],[272],"Advisory",{"url":274,"sources":275,"tags":276},"https://github.com/rclone/rclone",[258],[277],"PACKAGE",[],{"date":280,"score":247,"percentile":281},"2026-06-04",0.08264,[283,287,290,293,296,299,302,305,308,311,314,317,320,323,326,330,333,336,339,342,345,348,351,354,357,360,362,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,430,433,437,440,443,446,450,453,456,459,462,465,468,471,474,476,479,482,485,487,490,493,496,499,502,505,507,510,513,516,519,522,525,528,531,534,537,540,542,545,548],{"date":284,"score":285,"percentile":286},"2025-11-04",0.00032,0.08226,{"date":288,"score":285,"percentile":289},"2025-11-05",0.08238,{"date":291,"score":285,"percentile":292},"2025-11-06",0.08355,{"date":294,"score":285,"percentile":295},"2025-11-07",0.08373,{"date":297,"score":285,"percentile":298},"2025-11-08",0.08372,{"date":300,"score":285,"percentile":301},"2025-11-09",0.08336,{"date":303,"score":285,"percentile":304},"2025-11-10",0.08295,{"date":306,"score":285,"percentile":307},"2025-11-11",0.08321,{"date":309,"score":285,"percentile":310},"2025-11-12",0.08356,{"date":312,"score":285,"percentile":313},"2025-11-13",0.08397,{"date":315,"score":285,"percentile":316},"2025-11-14",0.08465,{"date":318,"score":285,"percentile":319},"2025-11-15",0.08496,{"date":321,"score":285,"percentile":322},"2025-11-16",0.08508,{"date":324,"score":285,"percentile":325},"2025-11-17",0.08505,{"date":327,"score":328,"percentile":329},"2025-11-18",0.00034,0.05582,{"date":331,"score":328,"percentile":332},"2025-11-19",0.05602,{"date":334,"score":328,"percentile":335},"2025-11-20",0.05635,{"date":337,"score":285,"percentile":338},"2025-11-21",0.08621,{"date":340,"score":285,"percentile":341},"2025-11-22",0.08551,{"date":343,"score":285,"percentile":344},"2025-11-23",0.08526,{"date":346,"score":285,"percentile":347},"2025-11-24",0.08519,{"date":349,"score":285,"percentile":350},"2025-11-25",0.08512,{"date":352,"score":285,"percentile":353},"2025-11-26",0.08516,{"date":355,"score":285,"percentile":356},"2025-11-27",0.08518,{"date":358,"score":285,"percentile":359},"2025-11-28",0.0849,{"date":361,"score":285,"percentile":344},"2025-11-29",{"date":363,"score":285,"percentile":344},"2025-11-30",{"date":365,"score":285,"percentile":366},"2025-12-01",0.08556,{"date":368,"score":285,"percentile":369},"2025-12-02",0.08576,{"date":371,"score":285,"percentile":372},"2025-12-03",0.08602,{"date":374,"score":285,"percentile":375},"2025-12-04",0.08593,{"date":377,"score":285,"percentile":378},"2025-12-05",0.08609,{"date":380,"score":285,"percentile":381},"2025-12-06",0.08627,{"date":383,"score":285,"percentile":384},"2025-12-07",0.0863,{"date":386,"score":285,"percentile":387},"2025-12-08",0.08623,{"date":389,"score":285,"percentile":390},"2025-12-09",0.08661,{"date":392,"score":285,"percentile":393},"2025-12-10",0.08735,{"date":395,"score":285,"percentile":396},"2025-12-11",0.08776,{"date":398,"score":285,"percentile":399},"2025-12-12",0.08799,{"date":401,"score":285,"percentile":402},"2025-12-13",0.08807,{"date":404,"score":285,"percentile":405},"2025-12-14",0.08803,{"date":407,"score":285,"percentile":408},"2025-12-15",0.08743,{"date":410,"score":285,"percentile":411},"2025-12-16",0.08768,{"date":413,"score":285,"percentile":414},"2025-12-17",0.08852,{"date":416,"score":285,"percentile":417},"2025-12-18",0.0891,{"date":419,"score":285,"percentile":420},"2025-12-19",0.08924,{"date":422,"score":285,"percentile":423},"2025-12-20",0.08916,{"date":425,"score":285,"percentile":426},"2025-12-21",0.08858,{"date":428,"score":285,"percentile":429},"2025-12-22",0.08825,{"date":431,"score":285,"percentile":432},"2025-12-23",0.08811,{"date":434,"score":435,"percentile":436},"2025-12-24",0.00025,0.061,{"date":438,"score":435,"percentile":439},"2025-12-25",0.0615,{"date":441,"score":435,"percentile":442},"2025-12-26",0.06141,{"date":444,"score":435,"percentile":445},"2025-12-27",0.06137,{"date":447,"score":448,"percentile":449},"2025-12-28",0.00024,0.05694,{"date":451,"score":448,"percentile":452},"2025-12-29",0.05681,{"date":454,"score":448,"percentile":455},"2025-12-30",0.05668,{"date":457,"score":448,"percentile":458},"2025-12-31",0.05703,{"date":460,"score":448,"percentile":461},"2026-01-01",0.05775,{"date":463,"score":448,"percentile":464},"2026-01-02",0.05773,{"date":466,"score":448,"percentile":467},"2026-01-03",0.05734,{"date":469,"score":448,"percentile":470},"2026-01-04",0.05639,{"date":472,"score":448,"percentile":473},"2026-01-05",0.05604,{"date":475,"score":448,"percentile":332},"2026-01-06",{"date":477,"score":448,"percentile":478},"2026-01-07",0.05625,{"date":480,"score":448,"percentile":481},"2026-01-08",0.05689,{"date":483,"score":448,"percentile":484},"2026-01-09",0.05687,{"date":486,"score":448,"percentile":481},"2026-01-10",{"date":488,"score":448,"percentile":489},"2026-01-11",0.05673,{"date":491,"score":448,"percentile":492},"2026-01-12",0.05655,{"date":494,"score":448,"percentile":495},"2026-01-13",0.05643,{"date":497,"score":448,"percentile":498},"2026-01-14",0.05686,{"date":500,"score":448,"percentile":501},"2026-01-15",0.05678,{"date":503,"score":448,"percentile":504},"2026-01-16",0.05682,{"date":506,"score":448,"percentile":498},"2026-01-17",{"date":508,"score":448,"percentile":509},"2026-01-18",0.0568,{"date":511,"score":448,"percentile":512},"2026-01-19",0.05641,{"date":514,"score":448,"percentile":515},"2026-01-20",0.05614,{"date":517,"score":448,"percentile":518},"2026-01-21",0.05617,{"date":520,"score":448,"percentile":521},"2026-01-22",0.05601,{"date":523,"score":448,"percentile":524},"2026-01-23",0.05659,{"date":526,"score":448,"percentile":527},"2026-01-24",0.05706,{"date":529,"score":448,"percentile":530},"2026-01-25",0.05644,{"date":532,"score":448,"percentile":533},"2026-01-26",0.05624,{"date":535,"score":448,"percentile":536},"2026-01-27",0.05603,{"date":538,"score":448,"percentile":539},"2026-01-28",0.05589,{"date":541,"score":448,"percentile":521},"2026-01-29",{"date":543,"score":448,"percentile":544},"2026-01-30",0.05599,{"date":546,"score":448,"percentile":547},"2026-01-31",0.05574,{"date":549,"score":448,"percentile":495},"2026-02-01",[551,554,557],{"source":251,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":552},{"baseScore":249,"baseSeverity":553,"vectorString":252,"impactScore":9,"exploitabilityScore":9},"MEDIUM",{"source":257,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":555},{"baseScore":249,"baseSeverity":553,"vectorString":556,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":258,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":558,"cvss_v4_0":562},{"baseScore":559,"baseSeverity":9,"vectorString":560,"impactScore":561,"exploitabilityScore":249},5.5,"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",5.7,{"baseScore":249,"baseSeverity":9,"vectorString":252,"impactScore":9,"exploitabilityScore":9},[564,579],{"ecosystem":565,"name":566,"vendor":567,"product":568,"cpe_part":9,"purl_type":569,"purl_namespace":567,"purl_name":568,"source":9,"versions":570},"Go","github.com/rclone/rclone","github.com/rclone","rclone","golang",[571],{"version":572,"is_range":573,"range_type":574,"version_start":575,"version_start_type":576,"version_end":577,"version_end_type":578,"fixed_in":9},"gte1_59_0_lt1_68_2",true,"semver","1.59.0","including","1.68.2","excluding",{"ecosystem":9,"name":568,"vendor":568,"product":568,"cpe_part":580,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":581},"a",[582],{"version":583,"is_range":573,"range_type":251,"version_start":575,"version_start_type":576,"version_end":577,"version_end_type":578,"fixed_in":9},">= 1.59.0, \u003C 1.68.2"]