Описание
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 3.6.0-2 |
| devel | not-affected | 3.6.0-2 |
| disco | not-affected | 3.6.0-2 |
| eoan | not-affected | 3.6.0-2 |
| esm-apps/bionic | released | 3.5-2ubuntu0.1~esm1 |
| esm-apps/focal | not-affected | 3.6.0-2 |
| esm-apps/jammy | not-affected | 3.6.0-2 |
| esm-apps/xenial | released | 2.2-1+deb9u1build0.16.04.1 |
Показывать по
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
plexus-archiver before 3.6.0 is vulnerable to directory traversal, all ...
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
ELSA-2018-1836: plexus-archiver security update (IMPORTANT)
4.3 Medium
CVSS2
5.5 Medium
CVSS3