Lucene search
HistoryAug 30, 2023 - 10:15 p.m.
CVE-2023-39137
archive
v3.3.7
vulnerability
zip
filename spoofing
parsing
nvd
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.1%
An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.
Affected configurations
Node
archive_projectarchiveMatch3.3.7
| CPE | Name | Operator | Version |
|---|---|---|---|
| archive_project:archive | archive project archive | eq | 3.3.7 |
Related
osv
osv
CVE-2023-39137
2023-08-30 22:15:09
Filename spoofing in archive
2023-08-31 00:30:17
github
github
Filename spoofing in archive
2023-08-31 00:30:17
cvelist
cvelist
CVE-2023-39137
2023-08-30 00:00:00
prion
prion
Design/Logic Flaw
2023-08-30 22:15:00
nvd
nvd
CVE-2023-39137
2023-08-30 22:15:09
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.1%
Related for CVE-2023-39137