Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-23
Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.
Products | Zim |
Type | Improper Input Validation (CWE-20) |
First patch | - None (likely due to unavailable code) |
Links | https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028 |