Описание
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Ссылки
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0 (включая)
cpe:2.3:a:archiver_project:archiver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02615
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 5.5
github
почти 4 года назад
Arbitrary File Write via Archive Extraction in mholt/archiver
EPSS
Процентиль: 85%
0.02615
Низкий
5.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22