2018-02-06 16:00:00
mitre
PUBLISHED
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesnt filter Line Feed (n) characters in a directory name.