11 matches found
DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE
The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...
Directory Traversal
alexusmai/laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of extraction paths during archive unzip functionality, which allows an attacker to write files to arbitrary locations on the filesystem...
CVE-2025-13816
A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...
CVE-2022-4976
Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141...
CVE-2022-4976
Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141...
CVE-2022-4976
Archive::Unzip::Burst (Perl) bundled InfoZip library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141. The module itself is vulnerable via the bundled library; no specific remediation details are provided in the connected documents. The CVE entry notes the bundled library vulnerabili...
CVE-2022-4976 Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities
Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141...
Archive::Unzip::Burst 安全漏洞
Archive::Unzip::Burst is a Perl decompression tool from the Perl community. A security vulnerability exists in Archive::Unzip::Burst 0.09 and earlier versions, which stems from multiple vulnerabilities affecting the bundled InfoZip library...
PT-2025-25274 · Info Zip +1 · Info-Zip +1
Name of the Vulnerable Software and Affected Versions: Archive::Unzip::Burst versions 0.01 through 0.09 Description: The issue concerns a bundled InfoZip library in Archive::Unzip::Burst for Perl, which is affected by several vulnerabilities. Recommendations: For Archive::Unzip::Burst versions 0....
CVE-2024-11343
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, unzipping an archive can lead to arbitrary file system access...
PT-2025-6501 · Telerik · Telerik Document Processing Libraries
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Document Processing Libraries versions prior to 2025.1.205 Description: The issue allows arbitrary file system access when unzipping an archive. Recommendations: For versions prior to 2025.1.205, update to version 2025.1.2...