Control: tags -1 + confirmed On Thu, 2021-08-26 at 17:38 +0200, Jeroen Ploemen wrote: > The sabnzbdplus package has a security vulnerability, allowing a > directory escape in the renamer() function through malicious par2 > files. > > An attacker can create new files anywhere the privileges of the > sabnzbdplus process permit, but not overwrite or delete existing > files. >
Please go ahead. Regards, Adam
