CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...

CVE-2020-2139

The CVE concerns Jenkins Cobertura Plugin versions 1.15 and earlier, where an arbitrary file write vulnerability lets attackers who can control the coverage report file contents overwrite arbitrary files on the Jenkins master filesystem. The root cause is the plugin’s path handling not preventing...

Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability (cisco-sa-20200226-fxos-cli-file)

According to its self-reported version, Cisco Firepower Extensible Operating System FXOS is affected by an arbitrary file read and write vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, via crafted arguments on a specific CLI comman...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/yi-ge/unzip is a Golang .zip decompress package. This package is a fork from https://github.com/artdarek/go-unzip with added support for Symlinks. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview github.com/artdarek/go-unzip is a package go-unzip provides a very simple library to extract zip archive Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and...

CVE-2019-3696

A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise...

Arbitrary File Write

decompress is vulnerable to path traversal. The vulnerability exists due to a zip slip vulnerability. Improper handling of archives containing files that has ../ in its names allows the files to be written out of the intended path...

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview madnest/madzipper is a Wannabe successor of Chumper/Zipper package for Laravel. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and sanitization of filenames. P...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview dariusiii/zipper is a Simple Wrapper around the ZipArchive methods with some handy functions. This package is an updated fork of Chumper/Zipper. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview chumper/zipper is a little neat helper for the ZipArchive methods with handy functions. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip. ZIP Path traversal is possible during extraction due to no validation and sanitization of...

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...

Jenkins Core Directory Traversal (CVE-2019-10352)

A directory traversal vulnerability exists in Jenkins Core. Successful exploitation of this vulnerability could lead to arbitrary file write, and potentially leading to remote code execution...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...