ГлавнаяУязвимости → CVE-2026-41082
7.3высокая

CVE-2026-41082

Описание

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Затрагиваемое ПО
Ocaml OpamDebian Debian linuxRedhat Enterprise linux
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Источники
https://github.com/ocaml/opam/pull/6897https://github.com/ocaml/opam/releases/tag/2.5.1https://osv.dev/vulnerability/OSEC-2026-03https://lists.debian.org/debian-lts-announce/2026/04/msg00021.htmlhttps://access.redhat.com/security/cve/CVE-2026-41082https://bugzilla.redhat.com/show_bug.cgi?id=2459003https://osv.dev/vulnerability/OSEC-2026-03https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41082.json