FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qpress -- directory traversal

Affected packages
qpress < 11.3
xtrabackup8 < 8.0.32

Details

VuXML ID 2f38c6a2-04a4-11ee-8cb0-e41f13b9c674
Discovery 2022-11-23
Entry 2023-06-06

cve@mitre.org reports:

qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.

References

CVE Name CVE-2022-45866
URL https://nvd.nist.gov/vuln/detail/CVE-2022-45866