Upstream information

CVE-2018-12907 at MITRE

Description

In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having not set severity.

SUSE Bugzilla entry: 1099926

No SUSE Security Announcements cross referenced.