VDB

CVE-2011-1586

CVE-2011-1586 PUBLISHED CVSS 5.800000190734863 MEDIUM

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.

EPSS 0.85% · 75.2th percentile

Risk Scores

CVSS 2.0
5.800000190734863
EPSS Score
0.85%
75.2th percentile

Affected Products

VendorProductVersions
n/an/an/a
kdekde_sc4.3.5, 2.2.0, 4.0.0

Timeline

  • Apr 27, 2011 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›