Описание
workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code nor present |
| esm-apps/bionic | not-affected | code nor present |
| esm-apps/xenial | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
10
EPSS
Процентиль: 41%
0.00195
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
около 3 лет назад
workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).
github
около 3 лет назад
workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb).
EPSS
Процентиль: 41%
0.00195
Низкий
6.5 Medium
CVSS3