Lucene search
K

94 matches found

CNNVD
CNNVD
added 2025/01/29 12:0 a.m.8 views

Deep Java Library 安全漏洞

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library versions prior to 0.31.1, which stems from a path traversal issue in ZipUtils.unzip and TarUtils.untar that...

9.8CVSS9AI score0.23267EPSS
Exploits0References3
Huntr
Huntr
added 2024/11/17 1:57 p.m.7 views

Arbitrary File Overwrite & RCE via Tarfile Path Traversal

Description The DJL package utilizes an untar function, for example, when downloading and saving models. Additionally, the untar function overwrites existing files. Therefore, the untar method includes the following two security measures to prevent misuse of its functionality. 1. Security measure...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2024/06/04 1:16 p.m.4 views

SUSE CVE-2019-1002101

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could r...

5.3CVSS6.3AI score0.13164EPSS
Exploits2References5
OSV
OSV
added 2024/03/06 11:0 a.m.18 views

BIT-JENKINS-2021-21689

FilePathunzip and FilePathuntar were not subject to any agent-to-controller access control in Jenkins LTS 2.303.2 and earlier...

9.1CVSS9.3AI score0.01416EPSS
Exploits0References2
Veracode
Veracode
added 2023/07/21 1:58 a.m.27 views

Path Traversal

org.openrefine is vulnerable to Path Traversal. The vulnerability exists because the OpenRefine project tar files are not properly escaping their root directory in the untar function of FileProjectManager.java, which allows an attacker to access files outside the expected directory using relative...

7.8CVSS7.1AI score0.00632EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/08 12:0 a.m.10 views

The vulnerability of the API FileUtil.unTar(file, file) implementation in the Apache Hadoop distributed development and execution platform allows a attacker to execute arbitrary commands.

The vulnerability of the API FileUtil.unTarfile, file implementation in the Apache Hadoop distributed development and execution platform is related to the introduction or modification of arguments. Exploiting this vulnerability may allow a malicious actor to execute arbitrary commands remotely...

10CVSS8.2AI score0.03393EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/08/05 12:0 a.m.12 views

GHSA-8WM5-8H9C-47PC Apache Hadoop argument injection vulnerability

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

9.8CVSS7.5AI score0.03393EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/05 12:0 a.m.61 views

Apache Hadoop argument injection vulnerability

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

9.8CVSS2.1AI score0.03393EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.4 views

Apache Hadoop 操作系统命令注入漏洞

Apache Hadoop is an open source distributed system infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. Apache Hadoop has a security vulnerability that stems from its...

9.8CVSS5.8AI score0.03393EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.4 views

PT-2022-3981

Name of the Vulnerable Software and Affected Versions Apache Hadoop versions prior to 2.10.2 Apache Hadoop versions prior to 3.2.4 Apache Hadoop versions prior to 3.3.3 Description The issue is related to the FileUtil.unTarFile, File API in Apache Hadoop, which does not escape the input file name...

10CVSS9.9AI score0.04176EPSS
Exploits1References15
BDU FSTEC
BDU FSTEC
added 2022/05/11 12:0 a.m.9 views

The vulnerability in the implementation of the unTar() function for the distributed development and execution platform of Apache Hadoop allows a hacker to write arbitrary files.

The vulnerability of the unTar function implementation in the distributed development and execution platform for Apache Hadoop is related to deficiencies in checking the path name of the restricted-access directory. Exploiting this vulnerability could allow an attacker to write arbitrary files...

10CVSS8AI score0.04176EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/08 12:0 a.m.31 views

Path traversal in Hadoop

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

9.8CVSS9.1AI score0.04176EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2022/04/07 7:15 p.m.23 views

CVE-2022-26612

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

9.8CVSS0.04176EPSS
Exploits1References2
Prion
Prion
added 2022/04/07 7:15 p.m.22 views

Xxe

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

7.5CVSS9.1AI score0.04176EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/04/07 6:20 p.m.236 views

CVE-2022-26612

CVE-2022-26612 affects Apache Hadoop. The vulnerability arises during TAR extraction: Hadoop’s unTar uses unTarUsingJava on Windows and the built-in tar utility on other OSes, allowing a TAR entry to create a symlink pointing outside the extraction directory. A following TAR entry can write arbit...

9.8CVSS9.2AI score0.04176EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/04/07 6:20 p.m.29 views

CVE-2022-26612 Arbitrary file write in FileUtil#unpackEntries on Windows

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

9.8CVSS7.2AI score0.04176EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/03/07 12:0 a.m.7 views

PT-2022-2441 · Apache · Apache Hadoop

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions prior to 3.2.3 Description: The issue is related to the unTar function in Apache Hadoop, which uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. This can lead to a TAR entr...

9.8CVSS8.9AI score0.04176EPSS
Exploits1References15
Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.132 views

Symlink Attack in kubectl cp

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...

6.4CVSS1.5AI score0.13164EPSS
Exploits2References13Affected Software1
RedHat Linux
RedHat Linux
added 2021/12/02 10:4 p.m.4 views

jenkins: FilePath#unzip and FilePath#untar were not subject to any access control

An incorrect access control vulnerability was found in Jenkins. The FilePathunzip and FilePathuntar were not subjected to any access control. An attacker with access to FilePathunzip or FilePathuntar operations is able to read and write arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01416EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/02 10:4 p.m.3 views

jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathuntar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...

9.1CVSS5.8AI score0.01342EPSS
Exploits0References5
Rows per page
Query Builder