ArchLinux: 201903-10: wordpress: directory traversal
Summary
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
Resolution
Upgrade to 5.1-1.
# pacman -Syu "wordpress>=5.1-1"
The problem has been fixed upstream in version 5.1.
References
https://www.sonarsource.com/blog/ https://security.archlinux.org/CVE-2019-8943
Workaround
None.