Statement on CVE-2018-10115
zelon88 opened this issue · comments
Justin Grimes commented
CVE-2018-10115 affects the HRCloud2 dependency 7zipper, so I figured I should evaluate it's impact on the project.
It appears that since HRC2 uses 7z in a headless way within a Linux environment that the conditions for exploitation of CVE-2018-10115 do not exist.
Still, it is highly recommended that users update 7z to v18.05 ASAP to avoid unnecessary risk to their servers and data.