Fluid Attacks Database

Description

A vulnerability was found in dotnet. This issue can cause an elevation of privilege when the TarFile.ExtractToDirectory ignores the extraction directory argument.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel8	dotnet7.0	<0:7.0.107-1.el8_8	0:7.0.107-1.el8_8
rpm rhel9	dotnet7.0	<0:7.0.107-1.el9_2	0:7.0.107-1.el9_2

Aliases

1. CVE-2023-320322. NVD-2023-320323. OSV-2023-32032

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.