Lucene search
K

157 matches found

Github Security Blog
Github Security Blog
added 2023/08/03 4:30 p.m.28 views

Cargo not respecting umask when extracting crate archives

The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...

7.9CVSS6.8AI score0.00763EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2023/04/28 11:15 p.m.18 views

CVE-2023-31483

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...

7.5CVSS7.4AI score0.00989EPSS
Exploits1References2
CVE
CVE
added 2023/04/21 8:11 p.m.66 views

CVE-2023-30620

The CVE-2023-30620 issue affects MindsDB where an unsafe extraction using tarfile.extractall() on a remotely retrieved tarball can write extracted files to unintended locations (TarSlip/ZipSlip-like). Affected MindsDB versions allowed remote tarball extraction without path validation, enabling ar...

7.5CVSS7.4AI score0.01EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.2 views

SUSE CVE-2002-0399

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a 1 "/.." or 2 "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267...

5CVSS7.1AI score0.03589EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.3 views

SUSE CVE-2011-4114

The parmktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE:...

3.3CVSS6.5AI score0.00342EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.4 views

SUSE CVE-2019-16680

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction...

3.9CVSS7.1AI score0.02132EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.2 views

junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem ...

7.5CVSS5.8AI score0.01632EPSS
Exploits1References4
OSV
OSV
added 2022/05/13 1:35 a.m.4 views

GHSA-2RPM-4X8C-PVQG Improper Limitation of a Pathname to a Restricted Directory in Zip4j

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

6.5CVSS6AI score0.13088EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.31 views

Arbitrary File Write via Archive Extraction in mholt/archiver

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.9AI score0.0253EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2022/02/01 11:52 a.m.5 views

CVE-2022-23596 Infinite loop in junrar

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem ...

7.5CVSS7.5AI score0.01632EPSS
Exploits1References3
CVE
CVE
added 2022/01/31 10:50 a.m.77 views

CVE-2021-23521

CVE-2021-23521 affects juce-framework/JUCE before 6.1.5. The vulnerability occurs when extracting a malicious archive containing a symbolic link: ZipFile::uncompressEntry can follow the link outside the target directory, allowing writing arbitrary files on the host and, in some cases, arbitrary c...

7.8CVSS6.8AI score0.00544EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/01/26 12:0 a.m.4 views

SharpZipLib 路径遍历漏洞

SharpZipLib ziplib, formerly known as NZipLib is an open source C compression and decompression library from the ICSharpCode Icsharpcode team for the .NET platform, which supports decompression and compression of Zip, GZip, BZip2, Tar and other formats. A security vulnerability exists in...

9.8CVSS8.6AI score0.01959EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/10/22 4:19 p.m.47 views

Maliciously Crafted Model Archive Can Lead To Arbitrary File Write

Impact An Archive Extraction Zip Slip vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file. Patches The vulnerability is fixed ...

7.3CVSS1.9AI score0.00734EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2021/09/21 1:22 p.m.5 views

nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite

The npm package "tar" aka node-tar has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted...

8.2CVSS7.4AI score0.07795EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/09/16 12:0 a.m.3 views

SharpCompress 路径遍历漏洞

SharpCompress is a pure C compression library. NET Standard 2.0, 2.1, .NET Core 3.1 and .NET 5.0. SharpCompress suffers from a path traversal vulnerability that stems from ExtractFullPath being set to true and SharpCompress recreating the directory hierarchy under destinationDirectory. An attacke...

4.3CVSS5.6AI score0.01154EPSS
Exploits1References4
OSV
OSV
added 2021/07/27 12:0 a.m.4 views

UBUNTU-CVE-2021-32610

In ArchiveTar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193...

7.1CVSS7.1AI score0.73377EPSS
Exploits0References6
OSV
OSV
added 2021/04/07 12:15 p.m.0 views

DEBIAN-CVE-2020-36314

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix...

3.9CVSS4.8AI score0.00611EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/04/07 12:0 a.m.4 views

GNOME file-roller 路径遍历漏洞

GNOME file-roller is a compressed file manager used in the GNOME desktop. A path traversal vulnerability exists in GNOME file-roller version 3.38.0 and prior versions, which stems from allowing directory traversal during extraction...

3.9CVSS4.9AI score0.00611EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2021/03/17 6:15 a.m.5 views

CVE-2021-28650

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplet...

5.5CVSS5.4AI score0.00639EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/03/17 12:0 a.m.2 views

Gnome gnome-autoar 后置链接漏洞

Gnome gnome-autoar is a component of the Gnome community that provides widgets and gschemas functionality for GNOME applications. A backward linking vulnerability exists in GNOME gnome-autoar before 0.3.1 that allows traversing directories during extraction because, in some complex cases, it does...

5.5CVSS6.9AI score0.00528EPSS
Exploits0References11
Rows per page
Query Builder