Description
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | zt-zip | Affected | | |
| Red Hat JBoss BRMS 6 | zt-zip | Affected | | |
Additional information
Status: Important
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1584395
zt-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
EPSS: 0.01877 (Low), percentile: 83%
CVSS3: 6.3 Medium
Related vulnerabilities
CVSS3: 5.5
nvd
more than 7 years ago
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS3: 5.5
github
more than 3 years ago
Improper Limitation of a Pathname to a Restricted Directory in zt-zip