PRIOn knowledge base: PRION:CVE-2023-46122
History: Oct 23, 2023 - 4:15 p.m.

Code injection

2023-10-23 16:15:00
PRIOn knowledge base
www.prio-n.com
sbt
build tool
vulnerability
patched
version 1.9.7
code injection
io.unzip
arbitrary file
overwrite
ssh authorized keys
pullremotecache
resolvers.remote
custom tasks

EPSS: 0.0004 (Low)
Percentile: 13.2%

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of an arbitrary file; this could, for example, overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in the pullRemoteCache task and in Resolvers.remote; however, many projects call IO.unzip(...) directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.
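As an added example (Python, not sbt's own Scala code), a hardened unzip routine that performs the check a safe IO.unzip needs: each entry's resolved destination path must stay under the target directory, otherwise the archive is rejected before anything is written. The archives are constructed in memory for the demonstration.

```python
import io
import os
import tempfile
import zipfile


def safe_unzip(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract a zip archive into dest_dir, rejecting any entry whose
    resolved path would land outside dest_dir (zip-slip path traversal).
    Returns the entry names that were written."""
    dest_root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Resolve the entry name against the destination; ".." segments
            # and absolute names both end up outside dest_root and are refused.
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError(f"entry escapes destination: {info.filename!r}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Constructed test input: build an in-memory zip from name -> content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> tuple[list[str], bool]:
    """Extract a benign archive, then confirm a traversal entry is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.makedirs(dest)
        ok = safe_unzip(build_zip({"lib/a.txt": b"ok"}), dest)
        # Constructed hostile archive: an entry name that climbs out of dest.
        try:
            safe_unzip(build_zip({"../escaped.txt": b"nope"}), dest)
            rejected = False
        except ValueError:
            rejected = True
        escaped_exists = os.path.exists(os.path.join(tmp, "escaped.txt"))
    return ok, rejected and not escaped_exists
```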

CPE  Name  Operator  Version
     io    ge        1.0.0
     io    lt        1.9.7
     sbt   ge        0.3.4
     sbt   lt        1.9.7
