Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2018/07/27 5:7 p.m.5 views

@lowzonenose/jsonp (>=0.0.1 <=0.0.3), @magnolia/cli (>=3.0.5 <=3.0.6) +184 more potentially affected by CVE-2018-1002204 via adm-zip (>=0.1.4 <=0.4.10)

adm-zip NPM version =0.1.4, =0.0.1, =3.0.5, =0.4.0, =0.1.3, =0.0.2, =0.0.4, =0.0.9, =0.10.0, =0.3.5, =1.0.13, =0.4.0, =0.1.0, =0.1.1 - attester =2.5.3 and more Source cves: CVE-2018-1002204 Source advisory: OSV:GHSA-3V6H-HQM4-2RG6...

5.5CVSS6.4AI score0.15359EPSS
Exploits1
OSV
OSV
added 2018/07/25 5:29 p.m.26 views

CVE-2018-1002204

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.5CVSS5.4AI score
Exploits0References6
Cvelist
Cvelist
added 2018/07/25 5:0 p.m.33 views

CVE-2018-1002204

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...

5.8AI score0.15359EPSS
Exploits1References6
Check Point Advisories
Check Point Advisories
added 2018/06/06 12:0 a.m.58 views

ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)

A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...

6.8CVSS4.4AI score0.37986EPSS
Exploits7
Hacker One
Hacker One
added 2018/06/05 3:58 p.m.90 views

Node.js third-party modules: Arbitrary File Write Through Archive Extraction

I would like to report arbitrary file write vulnerability in adm-zip module It allows attackers to write arbitrary files when a malicious archive is extracted. More info here: https://snyk.io/research/zip-slip-vulnerability https://github.com/snyk/zip-slip-vulnerabilityaffected-libraries Module...

4.3CVSS0.3AI score0.15359EPSS
Exploits1
Rows per page
Query Builder