Key Information Vulnerability Overview CVE ID: CVE-2024-4981 Vulnerability Type: Security Vulnerability Component: vulnerability Priority: High Severity: High Affected Scope Product: Security Response Version: unspecified Hardware: All Operating System: Linux Reporting and Fix Reported Time: 2024-05-15 22:51 UTC Reporter: Nick Tait Modified Time: 2024-06-07 18:00 UTC Last Closed Time: 2024-06-07 18:00:48 UTC Vulnerability Description In , the method allows direct file updates in Pagure repositories via the web interface. This method clones the repository into a temporary folder, performs write operations, commits changes, and then pushes them back to the original default branch or a new branch. Vulnerability Details Issue: The code lacks sufficient safeguards when handling symbolic links. If points to a symbolic link, will follow it, enabling access to paths outside the temporary clone directory. Affected Versions: 0.1.11 and later versions Verification: Exploitable in the latest development version Exploitation Steps 1. Create a new repository 2. Clone locally 3. Run command to create a file 4. Commit and push back to Pagure 5. Edit the file via web interface 6. Enter content in the text area and submit changes 7. Observe file being created on the server Actual Result When is called, an attacker can write to arbitrary paths via symbolic links (as long as the system git has permissions to the target path). Mitigation Recommendation The call should only be executed if the target of the symbolic link resides within the temporary clone directory. Using is more appropriate.