DEBIAN-CVE-2020-36241

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2020-36241

Published: 05 Feb 2021, 14:15

Last modified:19 Nov 2025, 01:02

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Feb 2021, 14:15

Published

Vulnerability first disclosed

19 Nov 2025, 01:02

Last Modified

Vulnerability information updated

Description

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

debian•gnome-autoar
< 0.2.4-3 | < 0.2.4-3 | < 0.2.4-3 | < 0.2.4-3

References (1)

https://security-tracker.debian.org/tracker/CVE-2020-36241