CVSS Score
The vulnerability stems from two failures: (1) URI paths taken from TAL files are not sanitized, so '..' sequences are carried through unchanged, and (2) the resulting path is concatenated onto the cache directory incorrectly. The fix in v1.4.3 specifically addressed trailing-slash handling in cache paths and improved path validation, indicating that these code paths were at fault. Exact function names are not given in the advisories, but the described pattern strongly implicates the URI-processing and file-writing functions in the octorpki component.
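The two failures described above can be seen side by side in the following added example. It is illustration code written for this page, not code from cfrpki or octorpki: `NaiveCachePath` shows the fragile pattern (string concatenation of the cache directory and the URI path, guarded only by a string-prefix check, which lets '..' through and mishandles a trailing slash on the root), and `SafeCachePath` shows a hardened mapping that normalizes the root, cleans the joined path and then verifies with `filepath.Rel` that the result still lies below the cache directory. The function names, the cache directory `/var/cache/rpki` and the sample URI paths are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideCache is returned when a URI path would land outside the cache root.
var ErrOutsideCache = errors.New("uri path resolves outside cache directory")

// NaiveCachePath reproduces the weak pattern the advisory describes (assumed
// illustration, not cfrpki's code): the URI path is concatenated onto the cache
// directory and only a string-prefix check guards the result. A path containing
// ".." keeps the cache-directory prefix as a string, so the check passes even
// though the operating system will resolve it outside the cache. A root with a
// trailing slash also produces a doubled separator.
func NaiveCachePath(cacheDir, uriPath string) (string, error) {
	candidate := cacheDir + "/" + uriPath
	if !strings.HasPrefix(candidate, cacheDir) {
		return "", ErrOutsideCache
	}
	return candidate, nil
}

// SafeCachePath maps a URI path onto a file below cacheDir and rejects any
// input whose cleaned form escapes the root (assumed hardened form, written for
// this example).
func SafeCachePath(cacheDir, uriPath string) (string, error) {
	// Clean strips a trailing separator, so "/var/cache/rpki/" and
	// "/var/cache/rpki" behave identically from here on.
	root := filepath.Clean(cacheDir)
	// Join cleans the combined path: "a/../../b" collapses before any check,
	// so we compare the path that will actually be opened, not the raw string.
	candidate := filepath.Join(root, filepath.FromSlash(uriPath))
	// Rel expresses candidate relative to root; anything that starts with ".."
	// has climbed above the cache directory.
	rel, err := filepath.Rel(root, candidate)
	if err != nil {
		return "", ErrOutsideCache
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideCache
	}
	// A URI path that cleans to the root itself is not a usable cache entry.
	if rel == "." {
		return "", errors.New("uri path does not name a file")
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs: one benign repository object and one
	// traversal attempt of the kind the advisory describes.
	inputs := []string{"repo/host/file.cer", "../../etc/passwd"}
	for _, in := range inputs {
		np, nerr := NaiveCachePath("/var/cache/rpki/", in)
		sp, serr := SafeCachePath("/var/cache/rpki/", in)
		fmt.Printf("uri=%q naive=%q (%v) safe=%q (%v)\n", in, np, nerr, sp, serr)
	}
}
```

`SafeCachePath` deliberately checks the cleaned path rather than searching the input for the substring "..", so an in-bounds path such as `a/../b` is still accepted while `a/b/../../..` is refused; if a stricter policy is wanted, rejecting any `..` segment up front is a reasonable additional rule.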
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/cloudflare/cfrpki | go | < 1.4.3 | 1.4.3 |