Lucene search

K
osvGoogleOSV:GHSA-3V6H-HQM4-2RG6
HistoryJul 27, 2018 - 5:07 p.m.

Arbitrary File Write in adm-zip

2018-07-2717:07:14
Google
osv.dev
12

0.001 Low

EPSS

Percentile

47.6%

Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames (../../file.txt for example).

Recommendation

Update to version 0.4.9 or later.

CPENameOperatorVersion
adm-ziplt0.4.11

0.001 Low

EPSS

Percentile

47.6%