Skip to content
Threat Feed

Tag

Securedrop

1 brief RSS
high advisory

SecureDrop Client Code Execution via Gzip Extraction Vulnerability

A compromised SecureDrop server can achieve code execution on the SecureDrop client's virtual machine by exploiting improper filename validation during gzip archive extraction, allowing for the overwriting of critical files.

securedrop gzip code execution vulnerability linux
2r 1t 2c