Lucene search

K

PRIOn knowledge basePRION:CVE-2018-1002200

HistoryJul 25, 2018 - 5:29 p.m.

Directory traversal

2018-07-2517:29:00

PRIOn knowledge base

www.prio-n.com

6

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a …/ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as ‘Zip-Slip’.

CPENameOperatorVersion
plexus-archiverlt3.6.0
debian_linuxeq8.0
debian_linuxeq9.0
enterprise_linuxeq7.5
enterprise_linux_desktopeq7.0
enterprise_linux_workstationeq7.0

References

access.redhat.com/errata/RHSA-2018:1836

access.redhat.com/errata/RHSA-2018:1837

github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8

github.com/codehaus-plexus/plexus-archiver/pull/87

github.com/snyk/zip-slip-vulnerability

snyk.io/research/zip-slip-vulnerability

snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680

www.debian.org/security/2018/dsa-4227

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

Related for PRION:CVE-2018-1002200

centos1 debian2 nvd1 openvas6 github1 nessus11 cvelist1 fedora2 oraclelinux1 redhatcve1 mageia1 osv4 cve1 amazon1 debiancve1 veracode2 redhat2 ubuntucve1 ubuntu1 f51 checkpoint_advisories1