157 matches found
Cargo not respecting umask when extracting crate archives
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...
CVE-2023-31483
tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...
CVE-2023-30620
The CVE-2023-30620 issue affects MindsDB where an unsafe extraction using tarfile.extractall() on a remotely retrieved tarball can write extracted files to unintended locations (TarSlip/ZipSlip-like). Affected MindsDB versions allowed remote tarball extraction without path validation, enabling ar...
SUSE CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a 1 "/.." or 2 "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267...
SUSE CVE-2011-4114
The parmktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE:...
SUSE CVE-2019-16680
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction...
junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting
Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem ...
GHSA-2RPM-4X8C-PVQG Improper Limitation of a Pathname to a Restricted Directory in Zip4j
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
Arbitrary File Write via Archive Extraction in mholt/archiver
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2022-23596 Infinite loop in junrar
Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem ...
CVE-2021-23521
CVE-2021-23521 affects juce-framework/JUCE before 6.1.5. The vulnerability occurs when extracting a malicious archive containing a symbolic link: ZipFile::uncompressEntry can follow the link outside the target directory, allowing writing arbitrary files on the host and, in some cases, arbitrary c...
SharpZipLib 路径遍历漏洞
SharpZipLib ziplib, formerly known as NZipLib is an open source C compression and decompression library from the ICSharpCode Icsharpcode team for the .NET platform, which supports decompression and compression of Zip, GZip, BZip2, Tar and other formats. A security vulnerability exists in...
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
Impact An Archive Extraction Zip Slip vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file. Patches The vulnerability is fixed ...
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted...
SharpCompress 路径遍历漏洞
SharpCompress is a pure C compression library. NET Standard 2.0, 2.1, .NET Core 3.1 and .NET 5.0. SharpCompress suffers from a path traversal vulnerability that stems from ExtractFullPath being set to true and SharpCompress recreating the directory hierarchy under destinationDirectory. An attacke...
UBUNTU-CVE-2021-32610
In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193...
DEBIAN-CVE-2020-36314
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix...
GNOME file-roller 路径遍历漏洞
GNOME file-roller is a compressed file manager used in the GNOME desktop. A path traversal vulnerability exists in GNOME file-roller version 3.38.0 and prior versions, which stems from allowing directory traversal during extraction...
CVE-2021-28650
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplet...
Gnome gnome-autoar 后置链接漏洞
Gnome gnome-autoar is a component of the Gnome community that provides widgets and gschemas functionality for GNOME applications. A backward linking vulnerability exists in GNOME gnome-autoar before 0.3.1 that allows traversing directories during extraction because, in some complex cases, it does...