Directory Traversal Vulnerability in GNOME Software Products
CVE-2021-28650
5.5MEDIUM
What is CVE-2021-28650?
A vulnerable component in GNOME's gnome-autoar library, specifically in autoar-extractor.c, exposes a risk of Directory Traversal during file extraction. This issue arises when the extraction process does not properly verify whether a file's parent directory is a symbolic link, particularly under certain complex conditions. This vulnerability is a result of an incomplete resolution of a previous security flaw, emphasizing the importance of comprehensive checks during file operations in GNOME software such as GNOME Shell and Nautilus.