Описание
Path traversal in ZIPFoundation
An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-39138
- https://github.com/weichsel/ZIPFoundation/issues/282
- https://blog.ostorlab.co/zip-packages-exploitation.html
- https://github.com/weichsel/ZIPFoundation/releases/tag/0.9.18
- https://ostorlab.co/vulndb/advisory/OVE-2023-4
- https://ostorlab.co/vulndb/advisory/OVE-2023-6
Пакеты
Наименование
github.com/weichsel/ZIPFoundation
Затронутые версииВерсия исправления
<= 0.9.17
0.9.18
Связанные уязвимости
CVSS3: 7.8
nvd
больше 2 лет назад
An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.