FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

devel/ocaml-opam -- CWE-24 Path Traversal: '../filedir'

Affected packages
ocaml-opam < 2.5.1

Details

VuXML ID 9b5d6fbb-4893-11f1-82bf-3c7c3fba4204
Discovery 2026-04-16
Entry 2026-05-05

https://github.com/ocaml/opam/releases/tag/2.5.1 reports:

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Reported by Andrew Nesbitt <andrewnez@gmail.com>.

[source]

References

CVE Name CVE-2026-41082
URL https://cveawg.mitre.org/api/cve/CVE-2026-41082

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.