Lucene search
GoogleOSV:GHSA-87VG-5PGX-PGGHHistoryMay 13, 2022 - 1:07 a.m.
spring-integration-zip Arbitrary File Write
2022-05-1301:07:04
Google
osv.dev
2
0.001 Low
EPSS
Percentile
20.4%
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
References
Related
veracode
veracode
Arbitrary File Write
2018-05-14 03:51:04
Arbitrary File Write
2018-05-10 06:14:04
Arbitrary File Rewrite
2021-03-02 05:03:40
github
github
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
Path Traversal in Spring-integration-zip
2022-03-18 17:40:44
osv
osv
CVE-2018-1263
2018-05-15 20:29:00
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
CVE-2018-1261
2018-05-11 20:29:00
cvelist
cvelist
prion
prion
cve
cve
nvd
nvd
f5
f5
K23985340 : Spring Integration Zip vulnerability CVE-2018-1261
2018-05-29 00:00:00
checkpoint_advisories
checkpoint_advisories