cvedb.io
CVE-2018-12474
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2018-10-09T13:29:00.400 · Last modified 2026-06-17T01:37:51.117

Summary

Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106.

Affected products

opensuse — tar_scm

Does this affect you?

Add your gear to cvedb and we'll alert you only when opensuse ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.