Path Traversal in OWASP Dependency-Check

2022-05-1403:12:09

Google

osv.dev

0.001 Low

EPSS

Percentile

29.6%

JSON

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

CPENameOperatorVersion
org.owasp:dependency-check-maveneq1.0.5
org.owasp:dependency-check-maveneq1.1.1
org.owasp:dependency-check-maveneq1.2.0
org.owasp:dependency-check-maveneq1.3.0
org.owasp:dependency-check-maveneq1.3.4
org.owasp:dependency-check-maveneq1.2.3
org.owasp:dependency-check-maveneq3.1.0
org.owasp:dependency-check-maveneq1.1.4
org.owasp:dependency-check-maveneq1.3.1
org.owasp:dependency-check-maveneq1.4.2

Name	Operator	Version
org.owasp:dependency-check-maven	eq	1.0.5
org.owasp:dependency-check-maven	eq	1.1.1
org.owasp:dependency-check-maven	eq	1.2.0
org.owasp:dependency-check-maven	eq	1.3.0
org.owasp:dependency-check-maven	eq	1.3.4
org.owasp:dependency-check-maven	eq	1.2.3
org.owasp:dependency-check-maven	eq	3.1.0
org.owasp:dependency-check-maven	eq	1.1.4
org.owasp:dependency-check-maven	eq	1.3.1
org.owasp:dependency-check-maven	eq	1.4.2