5 matches found
org.apache.storm:flux-core (>=1.1.0 <=1.1.2), org.apache.storm:storm-elasticsearch-examples (>=1.1.0 <=1.1.2) +14 more potentially affected by CVE-2018-8008 via org.apache.storm:storm-core (>=1.1.0 <=1.1.2)
org.apache.storm:storm-core MAVEN version =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2018-8008 Source advisory: OSV:GHSA-898J-5CC8-CMF5...
ZIP Slip Arbitrary File Overwrite Remote Code Execution (CVE-2018-1002200; CVE-2018-1002201; CVE-2018-1002203; CVE-2018-1002204; CVE-2018-1002205; CVE-2018-1002206; CVE-2018-1002207; CVE-2018-1261; CVE-2018-8008; CVE-2018-8009; CVE-2021-43555)
A file overwrite vulnerability exist in archive formats. To trigger this issue, an attacker may create a malicious archive that will exploit this vulnerability. Successful exploitation of this vulnerability would allow a remote attacker to overwrite arbitrary files on the vulnerable system and...
CVE-2018-8008
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...
CVE-2018-8008
CVE-2018-8008 affects Apache Storm up to 1.0.6, 1.2.1, and 1.1.2, enabling arbitrary file write via specially crafted archives with path traversal filenames that extract outside the target directory. Connected advisories corroborate a ZipSlip-style flaw across multiple Storm releases. Remediation...
com.accelerate-experience:storm-metrics-statsd (>=1.0.0 <=1.0.1), com.accelerate-experience:storm-rabbitmq (=1.0.0) +85 more potentially affected by CVE-2018-8008 via org.apache.storm:storm-core (>=1.0.0 <=1.1.2)
org.apache.storm:storm-core MAVEN version =1.0.0, =1.0.0, =0.1.0, =1.0, =1.0, =1.0, =1.3, =1.0, =1.0, =1.0, =1.0.0, =1.0.4 - com.github.ptgoetz:storm-jms =1.0.2 - com.github.ptgoetz:storm-signals =1.0.3 and more Source cves: CVE-2018-8008 Source advisory: SNYK:JAVA-ORGAPACHESTORM-32346...