History: Dec 25, 2022 - 10:19 a.m.

CVE-2020-36628 Calsign APDE ZIP File CopyBuildTask.java handleExtract path traversal

2022-12-25 10:19:53
CWE-22
VulDB
www.cve.org
calsign apde
zip file handler
path traversal
vulnerability
upgrade

CVSS3: 5.5

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 9.7
Confidence: High

EPSS: 0.002
Percentile: 58.7%

A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747.

CNA Affected

[
  {
    "vendor": "Calsign",
    "product": "APDE",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ],
    "modules": [
      "ZIP File Handler"
    ]
  }
]
