Lucene search
VmwareCVELIST:CVE-2021-22114HistoryMar 01, 2021 - 5:23 p.m.
CVE-2021-22114
2021-03-0117:23:42
vmware
www.cve.org
1
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
CNA Affected
[
{
"product": "Spring Integration Zip extension",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "spring-integration-zip versions prior to 1.0.4"
}
]
}
]References
Related
osv
osv
CVE-2021-22114
2021-03-01 18:15:19
Path Traversal in Spring-integration-zip
2022-03-18 17:40:44
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
prion
prion
Path traversal
2021-03-01 18:15:00
Path traversal
2018-05-15 20:29:00
github
github
Path Traversal in Spring-integration-zip
2022-03-18 17:40:44
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
nvd
nvd
CVE-2021-22114
2021-03-01 18:15:19
CVE-2018-1263
2018-05-15 20:29:00
veracode
veracode
Arbitrary File Rewrite
2021-03-02 05:03:40
Arbitrary File Write
2018-05-14 03:51:04
cve
cve
CVE-2021-22114
2021-03-01 18:15:19
CVE-2018-1263
2018-05-15 20:29:00
cvelist
cvelist
CVE-2018-1263
2018-05-09 00:00:00