Lucene search
GoogleOSV:GHSA-VW83-H3MQ-3QWJHistoryMar 18, 2022 - 5:40 p.m.
Path Traversal in Spring-integration-zip
2022-03-1817:40:44
Google
osv.dev
9
0.001 Low
EPSS
Percentile
40.8%
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Related
cvelist
cvelist
CVE-2021-22114
2021-03-01 17:23:42
CVE-2018-1263
2018-05-09 00:00:00
osv
osv
CVE-2021-22114
2021-03-01 18:15:19
CVE-2018-1263
2018-05-15 20:29:00
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
veracode
veracode
Arbitrary File Rewrite
2021-03-02 05:03:40
Arbitrary File Write
2018-05-14 03:51:04
cve
cve
CVE-2021-22114
2021-03-01 18:15:19
CVE-2018-1263
2018-05-15 20:29:00
prion
prion
Path traversal
2021-03-01 18:15:00
Path traversal
2018-05-15 20:29:00
github
github
Path Traversal in Spring-integration-zip
2022-03-18 17:40:44
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
nvd
nvd
CVE-2021-22114
2021-03-01 18:15:19
CVE-2018-1263
2018-05-15 20:29:00