{"id":"CVE-2018-10897","details":"A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Versions 1.1.31 and older are believed to be affected.","modified":"2026-04-02T00:59:03.731281Z","published":"2018-08-01T17:29:00.457Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2284"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2626"},{"type":"ADVISORY","url":"https://github.com/rpm-software-management/yum-utils/pull/43"},{"type":"ADVISORY","url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041594"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2285"},{"type":"FIX","url":"https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"},{"type":"FIX","url":"https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rpm-software-management/yum-utils","events":[{"introduced":"0"},{"fixed":"6a8de061f8fdc885e74ebe8c94625bf53643b71c"}]},{"type":"GIT","repo":"https://github.com/rpm-software-management/yum-utils","events":[{"introduced":"0"},{"fixed":"7554c0133eb830a71dc01846037cc047d0acbc2c"}]},{"type":"GIT","repo":"https://github.com/rpm-software-management/yum-utils","events":[{"introduced":"0"},{"fixed":"6a8de061f8fdc885e74ebe8c9
4625bf53643b71c"}]},{"type":"GIT","repo":"https://github.com/rpm-software-management/yum-utils","events":[{"introduced":"0"},{"fixed":"7554c0133eb830a71dc01846037cc047d0acbc2c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10897.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.1.31"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}