CVE-2019-5429

Severity CVSS v4.0:
Pending analysis
Type:
CWE-426 Untrusted Search Path
Publication date:
29/04/2019
Last modified:
07/11/2023

Description

Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:* 3.41.0 (excluding)
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*