Description
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary files. This has the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in the pullRemoteCache task and Resolvers.remote; however, many projects use IO.unzip(...) directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.
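For builds that call IO.unzip(...) directly and cannot upgrade immediately, an archive can be screened before extraction. The following is an added example, not sbt's code or its patch: it lists the entries whose names would resolve outside the extraction directory, the path traversal (CWE-22) behaviour this record describes. The names ZipSlipCheck, escapingEntries and sampleZip are hypothetical, and the sample archive is constructed in memory.

```scala
import java.io.{ByteArrayInputStream, ByteArrayOutputStream}
import java.nio.file.{Path, Paths}
import java.util.zip.{ZipEntry, ZipInputStream, ZipOutputStream}

// Hypothetical helper object, not part of sbt.
object ZipSlipCheck {

  // Returns the entry names that would land outside targetDir if the
  // archive were extracted there. An empty list means every entry stays
  // inside the directory.
  def escapingEntries(zipBytes: Array[Byte], targetDir: Path): List[String] = {
    val root = targetDir.toAbsolutePath.normalize()
    val in = new ZipInputStream(new ByteArrayInputStream(zipBytes))
    try {
      Iterator.continually(in.getNextEntry)
        .takeWhile(_ != null)
        .map(_.getName)
        // Resolve the name against the root, collapse ".." segments, then
        // compare path components (not string prefixes). Absolute entry
        // names replace the root on resolve and are flagged as well.
        .filterNot(name => root.resolve(name).normalize().startsWith(root))
        .toList
    } finally in.close()
  }

  // Builds a small archive in memory (constructed sample input).
  def sampleZip(names: Seq[String]): Array[Byte] = {
    val buf = new ByteArrayOutputStream()
    val out = new ZipOutputStream(buf)
    names.foreach { n =>
      out.putNextEntry(new ZipEntry(n))
      out.write("x".getBytes("UTF-8"))
      out.closeEntry()
    }
    out.close()
    buf.toByteArray
  }

  def main(args: Array[String]): Unit = {
    // Constructed entry names: one normal, one escaping, one that uses
    // ".." but still resolves inside the target directory.
    val zip = sampleZip(Seq("lib/a.jar", "../../outside.txt", "docs/../ok.txt"))
    val rejected = escapingEntries(zip, Paths.get("target/unpacked"))
    if (rejected.nonEmpty) println(s"Refusing to extract, escaping entries: $rejected")
  }
}
```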
References
- Patch
- Issue Tracking, Patch
- Patch
- Exploit, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
- Version from 1.0.0 (inclusive) to 1.9.7 (exclusive)
- Version from 0.3.4 (inclusive) to 1.9.7 (exclusive)
One of
cpe:2.3:a:scala-sbt:io:*:*:*:*:*:sbt:*:*
cpe:2.3:a:scala-sbt:sbt:*:*:*:*:*:*:*:*
EPSS
Percentile: 8%
0.00029
Low
CVSS3: 3.9 Low
CVSS3: 7.1 High
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 3.9
github
more than 2 years ago
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)