Описание
Improper Limitation of a Pathname to a Restricted Directory in WildFly
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-10862
- https://access.redhat.com/errata/RHSA-2018:2276
- https://access.redhat.com/errata/RHSA-2018:2277
- https://access.redhat.com/errata/RHSA-2018:2279
- https://access.redhat.com/errata/RHSA-2018:2423
- https://access.redhat.com/errata/RHSA-2018:2424
- https://access.redhat.com/errata/RHSA-2018:2425
- https://access.redhat.com/errata/RHSA-2018:2428
- https://access.redhat.com/errata/RHSA-2018:2643
- https://access.redhat.com/errata/RHSA-2019:0877
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862
- https://snyk.io/research/zip-slip-vulnerability
Пакеты
org.wildfly.core:wildfly-server
<= 6.0.0.Alpha2
6.0.0.Alpha3
Связанные уязвимости
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...