4 matches found
CVE-2018-1002201
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002201
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)
A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...
cc.kebei:onion-expands-compress (>=3.0.0 <=3.0.6), com.aftia.plugin:aem-build-maven-plugin.core (>=1.1.1 <=1.2.2) +90 more potentially affected by CVE-2018-1002201 via org.zeroturnaround:zt-zip (>=1.10 <=1.12)
org.zeroturnaround:zt-zip MAVEN version =1.10, =3.0.0, =1.1.1, =5.0, =2.1.6, =3.6.1, =0.1.4, =1.0.3, =1.0.0, =1.0, =1.1 and more Source cves: CVE-2018-1002201 Source advisory: SNYK:JAVA-ORGZEROTURNAROUND-31681...