6 matches found
EUVD-2022-3141
Malicious code in bioql PyPI...
GHSA-87VG-5PGX-PGGH spring-integration-zip Arbitrary File Write
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...
ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)
A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...
Arbitrary File Write
spring-integration-zip is vulnerable to arbitrary file write. The library is missing a path check during the unzipping process, allowing a malicious user to pass a file path outside the intended directory, which can then be used to write arbitrary files within a user application. This vulnerabili...
CVE-2018-1261
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...
CVE-2018-1261
The CVE-2018-1261 entry concerns spring-integration-zip. Affected component: spring-integration-zip prior to version 1.0.1. Vulnerability: arbitrary file write via path traversal in zip archives (including nested formats like zip, tar, 7z, etc.) when a crafted filename is concatenated to the targ...