Lucene search
+L

250 matches found

OSV
OSV
added 2018/10/17 7:54 p.m.11 views

GHSA-RHQ2-2574-78MC Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS7.2AI score0.02674EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2018/10/17 7:54 p.m.10 views

cn.bjdd301:core-mvc (=1.0.0), cn.pa4j:act-nutzdao (=1.0) +67 more potentially affected by CVE-2018-17297 via cn.hutool:hutool-all (>=4.0.1 <=4.1.1)

cn.hutool:hutool-all MAVEN version =4.0.1, =1.0.0, =0.0.1, =0.5, =1.0.0, =1.1.0 and more Source cves: CVE-2018-17297 Source advisory: OSV:GHSA-RHQ2-2574-78MC...

7.5CVSS7AI score0.02674EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/17 7:54 p.m.33 views

Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS6.2AI score0.02674EPSS
Exploits0References3Affected Software3
GitLab Advisory Database
GitLab Advisory Database
added 2018/10/17 12:0 a.m.76 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS6.3AI score0.02674EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2018/10/17 12:0 a.m.76 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS6.3AI score0.02674EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2018/09/24 2:0 a.m.18 views

Directory Traversal

hutool-core is vulnerable to directory traversal. There is a lack of validation in the filenme when a ZIP archive is unzipped, which would allow remote attackers to overwrite arbitrary files using the ../ characters in a filename within the ZIP archive...

7.5CVSS7.4AI score0.02674EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/09/21 7:29 a.m.4 views

CVE-2018-17297

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS5.9AI score0.02674EPSS
Exploits0References1
NVD
NVD
added 2018/09/21 7:29 a.m.45 views

CVE-2018-17297

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS7.5AI score0.02674EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/21 6:0 a.m.46 views

CVE-2018-17297

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5AI score0.02674EPSS
Exploits0References1
CVE
CVE
added 2018/09/21 6:0 a.m.70 views

CVE-2018-17297

The vulnerability CVE-2018-17297 affects Hutool’s ZipUtil unzip implementation prior to 4.1.12, where directory traversal in a ZIP entry filename can overwrite arbitrary files. This is triggered during extraction of ZIP archives and has potential to impact file integrity on the host system. Affec...

7.5CVSS7.4AI score0.02674EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder