Lucene search

GitHub Advisory DatabaseGHSA-RHH4-RH7C-7R5V

HistoryApr 06, 2024 - 6:31 p.m.

Archiver Path Traversal vulnerability

2024-04-0618:31:17

CWE-22

GitHub Advisory Database

github.com

archiver

path traversal

tar file

restricted access

file overwriting

privilege escalation

security flaw

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

10.5%

JSON

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user’s or application’s privileges using the library.

Affected configurations

Vulners

Node

mholtarchiverRange3.0.0–3.5.1

VendorProductVersionCPE
mholtarchiver*cpe:2.3:a:mholt:archiver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mholt	archiver	*	cpe:2.3:a:mholt:archiver::::::::

References

access.redhat.com/security/cve/CVE-2024-0406

bugzilla.redhat.com/show_bug.cgi?id=2257749

github.com/advisories/GHSA-rhh4-rh7c-7r5v

nvd.nist.gov/vuln/detail/CVE-2024-0406

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

AI Score

6.9

Confidence

Low

EPSS

Percentile

10.5%

JSON

Related for GHSA-RHH4-RH7C-7R5V