Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2022/05/03 12:0 a.m.8 views

com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)

com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...

9.8CVSS7.2AI score0.03556EPSS
Exploits1
Cvelist
Cvelist
added 2022/05/01 3:25 p.m.24 views

CVE-2022-25842 Arbitrary File Write via Archive Extraction (Zip Slip)

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...

6.9CVSS9.8AI score0.03556EPSS
Exploits1References4
CVE
CVE
added 2022/05/01 3:25 p.m.105 views

CVE-2022-25842

CVE-2022-25842 affects all versions of com.alibaba.oneagent:one-java-agent-plugin. It is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip): a crafted archive with directory traversal filenames (e.g., ../../evil.exe) can cause sensitive files to be overwritten, enabling remote c...

9.8CVSS8.3AI score0.03556EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/01 3:20 p.m.4 views

CVE-2022-25842

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...

9.8CVSS7.5AI score0.03556EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2022/02/21 3:33 p.m.4 views

com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)

com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...

9.8CVSS7.2AI score0.03556EPSS
Exploits1
Rows per page
Query Builder