Lucene search
PRIOn knowledge basePRION:CVE-2018-1263HistoryMay 15, 2018 - 8:29 p.m.
Path traversal
2018-05-1520:29:00
PRIOn knowledge base
www.prio-n.com
8
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring_integration_zip | lt | 1.0.2 |
Related
veracode
veracode
Arbitrary File Write
2018-05-14 03:51:04
Arbitrary File Write
2018-05-10 06:14:04
Arbitrary File Rewrite
2021-03-02 05:03:40
osv
osv
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
CVE-2018-1263
2018-05-15 20:29:00
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
github
github
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
Path Traversal in Spring-integration-zip
2022-03-18 17:40:44
cvelist
cvelist
cve
cve
nvd
nvd
f5
f5
K23985340 : Spring Integration Zip vulnerability CVE-2018-1261
2018-05-29 00:00:00
prion
prion
Path traversal
2018-05-11 20:29:00
Path traversal
2021-03-01 18:15:00
checkpoint_advisories
checkpoint_advisories