7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
19.7%
An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file.
blog.ostorlab.co/zip-packages-exploitation.html
github.com/brendan-duncan/archive
github.com/brendan-duncan/archive/commit/6de492385d72af044231c4163dff13a43d991c83
github.com/brendan-duncan/archive/commit/edb0d480733a44d28ff3d5e4e2779153ba645ce7
github.com/brendan-duncan/archive/issues/265
nvd.nist.gov/vuln/detail/CVE-2023-39139
ostorlab.co/vulndb/advisory/OVE-2023-5