Lucene search
K

11 matches found

Github Security Blog
Github Security Blog
added 2026/06/05 4:26 p.m.15 views

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

5.5AI score0.00058EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/12/13 6:48 a.m.6 views

Directory Traversal

alexusmai/laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of extraction paths during archive unzip functionality, which allows an attacker to write files to arbitrary locations on the filesystem...

9.1CVSS6AI score0.00894EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/02 9:20 a.m.8 views

CVE-2025-13816

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

8.8CVSS6.4AI score0.00552EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/14 1:11 a.m.7 views

CVE-2022-4976

Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141...

9.8CVSS8AI score0.07448EPSS
Exploits0References1
NVD
NVD
added 2025/06/12 1:15 a.m.12 views

CVE-2022-4976

Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141...

9.8CVSS0.00348EPSS
Exploits0References1
CVE
CVE
added 2025/06/12 12:33 a.m.108 views

CVE-2022-4976

Archive::Unzip::Burst (Perl) bundled InfoZip library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141. The module itself is vulnerable via the bundled library; no specific remediation details are provided in the connected documents. The CVE entry notes the bundled library vulnerabili...

9.8CVSS7.9AI score0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/12 12:33 a.m.47 views

CVE-2022-4976 Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities

Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141...

0.00348EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/12 12:0 a.m.4 views

Archive::Unzip::Burst 安全漏洞

Archive::Unzip::Burst is a Perl decompression tool from the Perl community. A security vulnerability exists in Archive::Unzip::Burst 0.09 and earlier versions, which stems from multiple vulnerabilities affecting the bundled InfoZip library...

9.8CVSS6.9AI score0.00348EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/12 12:0 a.m.6 views

PT-2025-25274 · Info Zip +1 · Info-Zip +1

Name of the Vulnerable Software and Affected Versions: Archive::Unzip::Burst versions 0.01 through 0.09 Description: The issue concerns a bundled InfoZip library in Archive::Unzip::Burst for Perl, which is affected by several vulnerabilities. Recommendations: For Archive::Unzip::Burst versions 0....

9.8CVSS6.2AI score0.00348EPSS
Exploits0References6
OSV
OSV
added 2025/02/12 4:15 p.m.5 views

CVE-2024-11343

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, unzipping an archive can lead to arbitrary file system access...

8.8CVSS5.9AI score0.0062EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.5 views

PT-2025-6501 · Telerik · Telerik Document Processing Libraries

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Document Processing Libraries versions prior to 2025.1.205 Description: The issue allows arbitrary file system access when unzipping an archive. Recommendations: For versions prior to 2025.1.205, update to version 2025.1.2...

8.8CVSS7.4AI score0.0062EPSS
Exploits0References6
Rows per page
Query Builder