Lucene search
OracleLinuxELSA-2023-6886HistoryNov 13, 2023 - 12:00 a.m.
plexus-archiver security update
2023-11-1300:00:00
linux.oracle.com
8
security update
symlink vulnerability
cve-2023-37460
unix
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
EPSS
0.012
Percentile
85.8%
[0:2.4.2-6]
- Avoid override target symlink by standard file in AbstractUnArchiver
- Fixes: CVE-2023-37460
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | plexus-archiver | < 2.4.2-6.el7_9 | plexus-archiver-2.4.2-6.el7_9.src.rpm |
| oracle linux | 7 | noarch | plexus-archiver | < 2.4.2-6.el7_9 | plexus-archiver-2.4.2-6.el7_9.noarch.rpm |
| oracle linux | 7 | noarch | plexus-archiver-javadoc | < 2.4.2-6.el7_9 | plexus-archiver-javadoc-2.4.2-6.el7_9.noarch.rpm |
| oracle linux | 7 | src | plexus-archiver | < 2.4.2-6.el7_9 | plexus-archiver-2.4.2-6.el7_9.src.rpm |
| oracle linux | 7 | noarch | plexus-archiver | < 2.4.2-6.el7_9 | plexus-archiver-2.4.2-6.el7_9.noarch.rpm |
| oracle linux | 7 | noarch | plexus-archiver-javadoc | < 2.4.2-6.el7_9 | plexus-archiver-javadoc-2.4.2-6.el7_9.noarch.rpm |
Related
cbl_mariner
cbl_mariner
prion
prion
Design/Logic Flaw
2023-07-25 20:15:00
nessus
nessus
RHEL 7 : plexus-archiver (RHSA-2023:6886)
2023-11-13 00:00:00
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-608)
2024-04-29 00:00:00
CentOS 7 : plexus-archiver (RHSA-2023:6886)
2024-01-09 00:00:00
cvelist
cvelist
redhatcve
redhatcve
CVE-2023-37460
2023-10-05 11:24:41
redhat
redhat
(RHSA-2023:6886) Important: plexus-archiver security update
2023-11-13 09:30:34
(RHSA-2023:6138) Important: Migration Toolkit for Runtimes security update
2023-10-26 10:04:08
ubuntucve
ubuntucve
CVE-2023-37460
2023-07-25 00:00:00
osv
osv
Arbitrary File Creation in AbstractUnArchiver
2023-07-25 17:20:43
CVE-2023-37460
2023-07-25 20:15:13
veracode
veracode
Arbitrary File Creation
2023-07-26 10:05:03
cve
cve
CVE-2023-37460
2023-07-25 20:15:13
nvd
nvd
CVE-2023-37460
2023-07-25 20:15:13
github
github
Arbitrary File Creation in AbstractUnArchiver
2023-07-25 17:20:43
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
Low
EPSS
0.012
Percentile
85.8%
Related for ELSA-2023-6886