exploitDog

GHSA-xq4j-x39q-xhqm

Опубликовано: 20 фев. 2026

Источник: github

Github: Не прошло ревью

CVSS3: 8.2

Описание

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

Ссылки

EPSS

Процентиль: 25%

0.00087

Низкий

8.2 High

CVSS3

CVE ID

Дефекты

CWE-23

Связанные уязвимости

CVE-2026-2818

CVSS3: 7.1

redhat

около 1 месяца назад

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

CVE-2026-2818

CVSS3: 8.2

nvd

около 1 месяца назад

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

EPSS

Процентиль: 25%

0.00087

Низкий

8.2 High

CVSS3

CVE ID

Дефекты

CWE-23