nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147
contains a Directory Traversal vulnerability in NSE script http-fetch that
can result in file overwrite as the user is running it. This attack appears
to be exploitable via a victim that runs NSE script http-fetch against a
malicious web site. This vulnerability appears to have been fixed in 7.7.
Source: nmap (LP Ubuntu Debian)
Upstream:released (7.70+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-09-09 21:41:53 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)