Lucene search
DellCVELIST:CVE-2018-1263HistoryMay 09, 2018 - 12:00 a.m.
CVE-2018-1263
2018-05-0900:00:00
dell
www.cve.org
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
CNA Affected
[
{
"product": "Spring Integration Zip",
"vendor": "Pivotal",
"versions": [
{
"status": "affected",
"version": "versions prior to 1.0.2"
}
]
}
]Related
veracode
veracode
Arbitrary File Write
2018-05-14 03:51:04
Arbitrary File Write
2018-05-10 06:14:04
Arbitrary File Rewrite
2021-03-02 05:03:40
osv
osv
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
CVE-2018-1263
2018-05-15 20:29:00
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
github
github
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
Path Traversal in Spring-integration-zip
2022-03-18 17:40:44
prion
prion
cve
cve
nvd
nvd
f5
f5
K23985340 : Spring Integration Zip vulnerability CVE-2018-1261
2018-05-29 00:00:00
cvelist
cvelist
CVE-2018-1261
2018-05-09 00:00:00
CVE-2021-22114
2021-03-01 17:23:42
checkpoint_advisories
checkpoint_advisories