CNNVD-202601-016 Information
Jan 01, 2026
cve
CNNVD ID
CNNVD-202601-016
Related CVE
- CNNVD Published: 2026-01-01
Description (Chinese)
eopkg是GetSolus开源的一个包管理器。 eopkg 4.4.0之前版本存在安全漏洞,该漏洞源于恶意软件包可能逃逸–destdir设置的目录,导致文件被安装到主机上的其他位置。
Description (English)
eopkg is a package manager for GetSolus open source. There was a security loophole in the pre-eopkg 4.4.0, which resulted from the possible escape of the malicious software package - the directory set by destdir, which resulted in the file being installed at other locations on the mainframe.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GetSolus
Published
2026-01-01
Last Modified
2026-02-24
References
https://github.com/getsolus/eopkg/commit/e7694323ed64e08b5b4b108fff273c64125cd39d https://github.com/getsolus/eopkg/pull/201 https://github.com/getsolus/eopkg/releases/tag/v4.4.0 https://github.com/getsolus/eopkg/security/advisories/GHSA-786v-47cq-qm6m
Patch
https://github.com/getsolus/eopkg/releases
Share on: