Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3141

Malicious code in bioql PyPI...

4.7CVSS5.2AI score0.01446EPSS
Exploits0References6
OSV
OSV
added 2022/05/13 1:7 a.m.18 views

GHSA-87VG-5PGX-PGGH spring-integration-zip Arbitrary File Write

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...

4.7CVSS4.8AI score0.01446EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2018/06/06 12:0 a.m.40 views

ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)

A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...

6.8CVSS4.4AI score0.37986EPSS
Exploits7
Veracode
Veracode
added 2018/05/14 3:51 a.m.15 views

Arbitrary File Write

spring-integration-zip is vulnerable to arbitrary file write. The library is missing a path check during the unzipping process, allowing a malicious user to pass a file path outside the intended directory, which can then be used to write arbitrary files within a user application. This vulnerabili...

4.7CVSS5.2AI score0.01446EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/05/11 8:29 p.m.17 views

CVE-2018-1261

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

4.7CVSS4.7AI score0.01288EPSS
Exploits0References2
CVE
CVE
added 2018/05/11 8:0 p.m.101 views

CVE-2018-1261

The CVE-2018-1261 entry concerns spring-integration-zip. Affected component: spring-integration-zip prior to version 1.0.1. Vulnerability: arbitrary file write via path traversal in zip archives (including nested formats like zip, tar, 7z, etc.) when a crafted filename is concatenated to the targ...

4.7CVSS5AI score0.01288EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder