cvedb.io
CVE-2017-6200
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-02-06T16:29:00.790 · Last modified 2026-06-17T01:21:56.180

Summary

Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.

Affected products

sandstorm — sandstorm

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.