CVE-2020-24654

Published September 2nd, 2020

View on NVD ↗

CVSS v3

3.3

LOW

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

KDE/ark

File archiver by KDE

GitHub

142