Описание
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | perl-Archive-Zip | Will not fix | ||
| Red Hat Enterprise Linux 6 | perl-Archive-Zip | Will not fix | ||
| Red Hat Enterprise Linux 7 | perl-Archive-Zip | Will not fix | ||
| Red Hat Enterprise Linux 8 | perl-Archive-Zip | Not affected | ||
| Red Hat Software Collections | rh-perl520-perl-Archive-Tar | Will not fix | ||
| Red Hat Software Collections | rh-perl524-perl-Archive-Tar | Out of support scope | ||
| Red Hat Software Collections | rh-perl526-perl-Archive-Tar | Will not fix | ||
| Red Hat Software Collections | rh-perl530-perl-Archive-Tar | Not affected |
Показывать по
Дополнительная информация
Статус:
5.4 Medium
CVSS3
Связанные уязвимости
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
perl-archive-zip is vulnerable to a directory traversal in Archive::Zi ...
5.4 Medium
CVSS3