{"id":"CVE-2024-38824","details":"Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.","aliases":["GHSA-8pcp-r83j-fc92"],"modified":"2026-04-09T10:17:17.795853Z","published":"2025-06-13T08:15:18.800Z","related":["SUSE-SU-2025:02476-1","SUSE-SU-2025:02491-1","SUSE-SU-2025:02492-1","SUSE-SU-2025:02499-1","SUSE-SU-2025:02500-1","SUSE-SU-2025:02501-1","SUSE-SU-2025:02502-1","SUSE-SU-2025:02534-1","SUSE-SU-2025:20487-1","SUSE-SU-2025:20504-1","openSUSE-SU-2025:15295-1"],"references":[{"type":"ADVISORY","url":"https://docs.saltproject.io/en/3006/topics/releases/3006.12.html"},{"type":"ADVISORY","url":"https://docs.saltproject.io/en/3007/topics/releases/3007.4.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/saltstack/salt","events":[{"introduced":"86bb64dde27281d545ef46e1a42471a90c494197"},{"fixed":"1245edf4005768674f1e893cd3939de66bb8a731"},{"introduced":"31c9d0df191009207c72ea73abfd3a1e3a0e6425"},{"fixed":"619f4e26e71b3cbef89c115f37a2a976eb567264"}],"database_specific":{"versions":[{"introduced":"3006.0"},{"fixed":"3006.12"},{"introduced":"3007.0"},{"fixed":"3007.4"}]}}],"versions":["v3006.0","v3006.1","v3006.10","v3006.11","v3006.3","v3006.3_docs","v3006.5","v3006.7","v3006.8","v3006.9","v3007.0","v3007.1","v3007.2","v3007.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38824.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}