GoogleOSV:GHSA-XR8X-PXM6-PRJGMITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.8%
Impact
MITM can enable Zip-Slip.
Vulnerability
Vulnerability 1: Publisher.java
There is no validation that the zip file being unpacked has entries that are not maliciously writing outside of the intended destination directory.
Vulnerability 2: WebSourceProvider.java
There is a check for malicious zip entries here, but it is not covered by test cases and could potentially be reverted in future changes.
Vulnerability 3: ZipFetcher.java
This retains the path for Zip files in FetchedFile entries, which could later be used to output malicious entries to another compressed file or file system.
Vulnerability 4: IGPack2NpmConvertor.java
The loadZip method retains the path for entries in the zip file, which could later be used to output malicious entries to another compressed file or file system.
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.8%