Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the βtgt_envβ variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanationCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
2 reference(s) from NVD