Lucene search
K

6 matches found

CVE
CVE
added 2018/08/13 7:0 p.m.38 views

CVE-2018-3782

CVE-2018-3782 is a reservation duplicate of CVE-2018-1002203. Connected details confirm that unzipper (npm) prior to 0.8.13 is vulnerable to directory traversal (Zip-Slip), allowing arbitrary file write during archive extraction. The vulnerability affects unzipper before 0.8.13; remediation is to...

5.7AI score
Exploits0
OSV
OSV
added 2018/07/25 5:29 p.m.19 views

CVE-2018-1002203

unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.5AI score
Exploits0References5
CVE
CVE
added 2018/07/25 5:0 p.m.66 views

CVE-2018-1002203

The unzipper npm library (before 0.8.13) is vulnerable to directory traversal (Zip-Slip) via crafted archive entries with ../, allowing arbitrary file writes during extraction. Root cause: mishandled path normalization in archive extraction. Affected versions are prior to 0.8.13; fix: update to 0...

5.5CVSS5.6AI score0.11917EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2018/07/25 5:0 p.m.31 views

CVE-2018-1002203

unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.4AI score0.11917EPSS
Exploits1References5
Check Point Advisories
Check Point Advisories
added 2018/06/06 12:0 a.m.58 views

ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)

A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...

6.8CVSS4.4AI score0.37986EPSS
Exploits7
Hacker One
Hacker One
added 2018/06/05 4:1 p.m.43 views

Node.js third-party modules: Arbitrary File Write through archive extraction

I would like to report arbitrary file write vulnerability in adm-zip module It allows attackers to write arbitrary files when a malicious archive is extracted. More info here: https://snyk.io/research/zip-slip-vulnerability https://github.com/snyk/zip-slip-vulnerabilityaffected-libraries Module...

4.3CVSS1.2AI score0.11917EPSS
Exploits1
Rows per page
Query Builder