Lucene search
GoogleOSV:GHSA-HCXQ-X77Q-3469HistoryMay 13, 2022 - 1:35 a.m.
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
2022-05-1301:35:03
Google
osv.dev
9
0.001 Low
EPSS
Percentile
47.8%
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a …/ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.
References
access.redhat.com/errata/RHSA-2018:1836
access.redhat.com/errata/RHSA-2018:1837
github.com/codehaus-plexus/plexus-archiver
github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8
github.com/codehaus-plexus/plexus-archiver/pull/87
github.com/snyk/zip-slip-vulnerability
nvd.nist.gov/vuln/detail/CVE-2018-1002200
snyk.io/research/zip-slip-vulnerability
snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680
www.debian.org/security/2018/dsa-4227
Related
centos
centos
plexus security update
2018-06-14 15:10:15
debian
debian
[SECURITY] [DSA 4227-1] plexus-archiver security update
2018-06-12 20:48:27
[SECURITY] [DSA 4227-1] plexus-archiver security update
2018-06-12 20:48:27
prion
prion
Directory traversal
2018-07-25 17:29:00
nvd
nvd
CVE-2018-1002200
2018-07-25 17:29:00
openvas
openvas
Fedora Update for plexus-archiver FEDORA-2018-6c55e1f79c
2018-06-15 00:00:00
Mageia: Security Advisory (MGASA-2019-0005)
2022-01-28 00:00:00
Fedora Update for plexus-archiver FEDORA-2018-7a9a2f6ec0
2018-06-15 00:00:00
github
github
nessus
nessus
Fedora 27 : plexus-archiver (2018-6c55e1f79c)
2018-06-15 00:00:00
Amazon Linux 2 : plexus-archiver (ALAS-2018-1043)
2018-06-29 00:00:00
cvelist
cvelist
CVE-2018-1002200
2018-07-25 17:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: plexus-archiver-3.4-4.fc27
2018-06-14 18:18:27
[SECURITY] Fedora 28 Update: plexus-archiver-3.5-6.fc28
2018-06-14 19:18:19
cve
cve
CVE-2018-1002200
2018-07-25 17:29:00
amazon
amazon
Important: plexus-archiver
2018-06-20 19:57:00
debiancve
debiancve
CVE-2018-1002200
2018-07-25 17:29:00
veracode
veracode
Arbitrary File Write
2019-01-15 09:24:24
Arbitrary File Write
2018-06-06 05:02:44
redhat
redhat
oraclelinux
oraclelinux
plexus-archiver security update
2018-06-12 00:00:00
redhatcve
redhatcve
CVE-2018-1002200
2020-01-19 03:31:31
mageia
mageia
Updated plexus-archiver packages fix security vulnerability
2019-01-05 21:30:16
osv
osv
plexus-archiver - security update
2018-06-12 00:00:00
CVE-2018-1002200
2018-07-25 17:29:00
plexus-archiver vulnerability
2021-03-15 22:16:53
ubuntucve
ubuntucve
CVE-2018-1002200
2018-07-25 00:00:00
ubuntu
ubuntu
Plexus Archiver vulnerability
2021-03-15 00:00:00
f5
f5
K64709522 : Multiple Zip Slip vulnerabilities
2018-08-03 00:00:00
checkpoint_advisories
checkpoint_advisories