The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Cvs |
Cvs |
1.10.8 (including) |
1.10.8 (including) |
References