Bug
Resolution: Done
Minor
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2969882 (2969882)
Severity: Critical
CVE: Unknown
Product/Engagement/Test: test/product / AdHoc Import - Thu, 11 Apr 2024 15:09:51 / SnykCode Scan (SARIF)
Source File: osh/client/completion/main.py
Source Line: 73
Description:
*Result message:* Unsanitized input from a command line argument flows into open, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.
*Rule name:* BD
*Rule short description:* Path Traversal
*Code flow:*
1. osh/client/completion/main.py:L120:C10
2. osh/client/completion/main.py:L120:C10
3. osh/client/completion/main.py:L96:C10
4. osh/client/completion/main.py:L98:C28
5. osh/client/completion/main.py:L98:C28
6. osh/client/completion/main.py:L66:C21
7. osh/client/completion/main.py:L70:C29
8. osh/client/completion/main.py:L17:C18
9. osh/client/completion/main.py:L23:C51
10. osh/client/completion/main.py:L23:C37
11. osh/client/completion/main.py:L23:C12
12. osh/client/completion/main.py:L70:C5
13. osh/client/completion/main.py:L73:C19
14. osh/client/completion/main.py:L73:C14
Reporter: (ccota) ()
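The pattern the result message describes, a command-line argument reaching open() unchanged, beside the confinement check that closes it. This is an added example for this finding, not code from osh/client/completion/main.py: the function names, the --config argument, the base-directory policy and the fixture files are all hypothetical. Whether such a finding is exploitable depends on who supplies the argument. A local client that opens a file named by the same user who runs it gives that user nothing they could not already read, which is the usual reason a Critical SAST rating on this rule is downgraded at triage; the check below matters when the path arrives from a less trusted party than the process owner.

```python
"""Path-traversal pattern flagged by Snyk Code (CLI argument used as a path
to open()) beside a hardened version that confines the path to a base
directory.  Added illustration, not the project's code; every name here is
hypothetical."""
import argparse
import os
import tempfile


def read_config_unsafe(path):
    """Vulnerable pattern: the argument reaches open() as-is, so
    '../../etc/passwd' or an absolute path is read without question."""
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def resolve_under(base_dir, user_path):
    """Resolve user_path relative to base_dir and refuse anything that ends
    up outside it after normalisation ('..', absolute paths, symlinks).

    os.path.join discards base_dir when user_path is absolute, and realpath
    collapses '..' and follows symlinks, so the comparison is made on the
    final on-disk location.  commonpath is used instead of startswith so that
    '/srv/app_evil' is not accepted as being under '/srv/app'."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return candidate


def is_confined(base_dir, user_path):
    """Boolean form of resolve_under for callers that only need a verdict."""
    try:
        resolve_under(base_dir, user_path)
        return True
    except ValueError:
        return False


def read_config_safe(base_dir, user_path):
    """Hardened pattern: only files below base_dir can be opened."""
    with open(resolve_under(base_dir, user_path), encoding="utf-8") as fh:
        return fh.read()


def build_parser():
    """Hypothetical argparse surface with a single --config path argument."""
    parser = argparse.ArgumentParser(prog="completion-demo")
    parser.add_argument("--config", required=True, help="config file to read")
    return parser


def demo():
    """Constructed fixture: a temp tree holding a config inside the allowed
    directory and a 'secret' one level above it.  Returns what the unsafe
    reader leaked, whether the safe reader blocked the same argument, and
    what the safe reader returns for a legitimate file."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "conf")
        os.mkdir(base)
        with open(os.path.join(base, "client.conf"), "w", encoding="utf-8") as fh:
            fh.write("server=https://example.invalid\n")
        with open(os.path.join(root, "secret.txt"), "w", encoding="utf-8") as fh:
            fh.write("top secret\n")

        # Attacker-style argument: hop one level above the config directory.
        args = build_parser().parse_args(["--config", "../secret.txt"])
        leaked = read_config_unsafe(os.path.join(base, args.config))
        blocked = not is_confined(base, args.config)
        legit = read_config_safe(base, "client.conf")
        return leaked.strip(), blocked, legit.strip()


if __name__ == "__main__":
    print(demo())
```

The check is deliberately done on the resolved path rather than by rejecting the substring "..": a symlink inside the base directory, or an absolute argument, escapes without ever containing "..", and realpath plus commonpath catches both.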