5 matches found
com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)
com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...
CVE-2022-25842 Arbitrary File Write via Archive Extraction (Zip Slip)
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
CVE-2022-25842
CVE-2022-25842 affects all versions of com.alibaba.oneagent:one-java-agent-plugin. It is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip): a crafted archive with directory traversal filenames (e.g., ../../evil.exe) can cause sensitive files to be overwritten, enabling remote c...
CVE-2022-25842
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)
com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...