CVE-2018-12907
N/A
N/A
Summary
In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://openwall.com/lists/oss-security/2018/06/27/3
- https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/
References
- http://openwall.com/lists/oss-security/2018/06/27/3
- https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.