Описание
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 0.7.6-1 |
| devel | not-affected | 0.7.6-1 |
| disco | not-affected | 0.7.6-1 |
| eoan | not-affected | 0.7.6-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 0.7.6-1 |
| esm-apps/jammy | not-affected | 0.7.6-1 |
| esm-apps/noble | not-affected | 0.7.6-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing att ...
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Уязвимость функции extractDir компонента JICompress библиотеки QuaZIP, позволяющая нарушителю выполнить произвольный код
EPSS
4.3 Medium
CVSS2
5.5 Medium
CVSS3