{"id":"PYSEC-2018-105","details":"Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.","aliases":["CVE-2017-15914","GHSA-8q8v-28rm-qw4w"],"modified":"2024-04-29T14:42:11.725001Z","published":"2018-02-08T23:29:00Z","references":[{"type":"WEB","url":"http://borgbackup.readthedocs.io/en/stable/changes.html#version-1-1-3-2017-11-27"}],"affected":[{"package":{"name":"borgbackup","ecosystem":"PyPI","purl":"pkg:pypi/borgbackup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.1.0b1"},{"fixed":"1.1.3"}]}],"versions":["1.1.0","1.1.0b1","1.1.0b2","1.1.0b3","1.1.0b4","1.1.0b5","1.1.0b6","1.1.0rc1","1.1.0rc2","1.1.0rc3","1.1.0rc4","1.1.1","1.1.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/borgbackup/PYSEC-2018-105.yaml"}}],"schema_version":"1.7.3"}