Описание
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Ссылки
- ExploitThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.13 (исключая)
cpe:2.3:a:jrebel:zt-zip:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01877
Низкий
5.5 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 6.3
redhat
больше 7 лет назад
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS3: 5.5
github
больше 3 лет назад
Improper Limitation of a Pathname to a Restricted Directory in zt-zip
EPSS
Процентиль: 83%
0.01877
Низкий
5.5 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-22
CWE-22