Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-3D6D6E0189F6BA2A24C88DFE81BEF903

HistoryAug 31, 2023 - 12:00 a.m.

Path traversal in ZIPFoundation

2023-08-3100:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

zipfoundation

path traversal

security issue

software vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

JSON

An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.

Affected configurations

Vulners

Node

swiftzipfoundationRange<0.9.18

VendorProductVersionCPE
swiftzipfoundation*cpe:2.3:a:swift:zipfoundation:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
swift	zipfoundation	*	cpe:2.3:a:swift:zipfoundation::::::::

References

blog.ostorlab.co/zip-packages-exploitation.html

github.com/advisories/GHSA-c2cc-3569-6jh2

github.com/weichsel/ZIPFoundation

github.com/weichsel/ZIPFoundation/issues/282

github.com/weichsel/ZIPFoundation/releases/tag/0.9.18

nvd.nist.gov/vuln/detail/CVE-2023-39138

ostorlab.co/vulndb/advisory/OVE-2023-4

ostorlab.co/vulndb/advisory/OVE-2023-6

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

JSON

Related for GITLAB-3D6D6E0189F6BA2A24C88DFE81BEF903