vulnerability

Red Hat: CVE-2020-36241: CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Feb 5, 2021	Nov 10, 2021	Aug 11, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Feb 5, 2021

Added

Nov 10, 2021

Modified

Aug 11, 2025

Description

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Solutions

redhat-upgrade-accountsserviceredhat-upgrade-accountsservice-debuginforedhat-upgrade-accountsservice-debugsourceredhat-upgrade-accountsservice-develredhat-upgrade-accountsservice-libsredhat-upgrade-accountsservice-libs-debuginforedhat-upgrade-gdmredhat-upgrade-gdm-debuginforedhat-upgrade-gdm-debugsourceredhat-upgrade-gnome-autoarredhat-upgrade-gnome-autoar-debuginforedhat-upgrade-gnome-autoar-debugsourceredhat-upgrade-gnome-calculatorredhat-upgrade-gnome-calculator-debuginforedhat-upgrade-gnome-calculator-debugsourceredhat-upgrade-gnome-classic-sessionredhat-upgrade-gnome-control-centerredhat-upgrade-gnome-control-center-debuginforedhat-upgrade-gnome-control-center-debugsourceredhat-upgrade-gnome-control-center-filesystemredhat-upgrade-gnome-online-accountsredhat-upgrade-gnome-online-accounts-debuginforedhat-upgrade-gnome-online-accounts-debugsourceredhat-upgrade-gnome-online-accounts-develredhat-upgrade-gnome-sessionredhat-upgrade-gnome-session-debuginforedhat-upgrade-gnome-session-debugsourceredhat-upgrade-gnome-session-kiosk-sessionredhat-upgrade-gnome-session-wayland-sessionredhat-upgrade-gnome-session-xsessionredhat-upgrade-gnome-settings-daemonredhat-upgrade-gnome-settings-daemon-debuginforedhat-upgrade-gnome-settings-daemon-debugsourceredhat-upgrade-gnome-shellredhat-upgrade-gnome-shell-debuginforedhat-upgrade-gnome-shell-debugsourceredhat-upgrade-gnome-shell-extension-apps-menuredhat-upgrade-gnome-shell-extension-auto-move-windowsredhat-upgrade-gnome-shell-extension-commonredhat-upgrade-gnome-shell-extension-dash-to-dockredhat-upgrade-gnome-shell-extension-desktop-iconsredhat-upgrade-gnome-shell-extension-disable-screenshieldredhat-upgrade-gnome-shell-extension-drive-menuredhat-upgrade-gnome-shell-extension-gesture-inhibitorredhat-upgrade-gnome-shell-extension-horizontal-workspacesredhat-upgrade-gnome-shell-extension-launch-new-instanceredhat-upgrade-gnome-shell-extension-native-window-placementredhat-upgrade-gnome-shell-extension-no-hot-cornerredhat-upgrade-gnome-shell-extension-panel-favoritesredhat-upgrade-gnome-shell-extension-places-menuredhat-upgrade-gnome-shell-extension-screenshot-window-sizerredhat-upgrade-gnome-shell-extension-systemmonitorredhat-upgrade-gnome-shell-extension-top-iconsredhat-upgrade-gnome-shell-extension-updates-dialogredhat-upgrade-gnome-shell-extension-user-themeredhat-upgrade-gnome-shell-extension-window-grouperredhat-upgrade-gnome-shell-extension-window-listredhat-upgrade-gnome-shell-extension-windowsnavigatorredhat-upgrade-gnome-shell-extension-workspace-indicatorredhat-upgrade-gnome-softwareredhat-upgrade-gnome-software-debuginforedhat-upgrade-gnome-software-debugsourceredhat-upgrade-gnome-software-develredhat-upgrade-gsettings-desktop-schemasredhat-upgrade-gsettings-desktop-schemas-develredhat-upgrade-gtk-update-icon-cacheredhat-upgrade-gtk-update-icon-cache-debuginforedhat-upgrade-gtk3redhat-upgrade-gtk3-debuginforedhat-upgrade-gtk3-debugsourceredhat-upgrade-gtk3-develredhat-upgrade-gtk3-devel-debuginforedhat-upgrade-gtk3-immodule-ximredhat-upgrade-gtk3-immodule-xim-debuginforedhat-upgrade-gtk3-immodules-debuginforedhat-upgrade-gtk3-tests-debuginforedhat-upgrade-librawredhat-upgrade-libraw-debuginforedhat-upgrade-libraw-debugsourceredhat-upgrade-libraw-develredhat-upgrade-libraw-samples-debuginforedhat-upgrade-mutterredhat-upgrade-mutter-debuginforedhat-upgrade-mutter-debugsourceredhat-upgrade-mutter-develredhat-upgrade-mutter-tests-debuginforedhat-upgrade-vinoredhat-upgrade-vino-debuginforedhat-upgrade-vino-debugsourceredhat-upgrade-webkit2gtk3redhat-upgrade-webkit2gtk3-debuginforedhat-upgrade-webkit2gtk3-debugsourceredhat-upgrade-webkit2gtk3-develredhat-upgrade-webkit2gtk3-devel-debuginforedhat-upgrade-webkit2gtk3-jscredhat-upgrade-webkit2gtk3-jsc-debuginforedhat-upgrade-webkit2gtk3-jsc-develredhat-upgrade-webkit2gtk3-jsc-devel-debuginfo

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today