PyPi: Diffoscope

CVE-2024-25711

Safety vulnerability ID: 66695

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 27, 2024 Updated at Dec 06, 2024

Scan your Python projects for vulnerabilities →

Advisory

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

Affected package

diffoscope

Latest version: 284

in-depth comparison of files, archives, and directories

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25711

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application