CVE-2023-7207

Publication date

2024-01-05 00:39:49

Family

canonical

State

PUBLISHED

Description

Debians cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.