8 matches found

Veracode
added 2022/05/04 4:50 a.m., 27 views

Arbitrary File Write

one-java-agent-plugin is vulnerable to arbitrary file write. An attacker can overwrite the executable files or invoke them remotely through the unzip function of IOUtils.java by providing a specially crafted archive...

CVSS 9.8 | AI score 4.9 | EPSS 0.02707
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2022/05/03 12:00 a.m., 1 view

GHSA-9HR3-J9MC-XMQ2 Path Traversal in com.alibaba.oneagent:one-java-agent-plugin

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...

CVSS 6.9 | AI score 6.2 | EPSS 0.02707
Exploits: 1 | References: 7
vulnersOsv
added 2022/05/03 12:00 a.m., 3 views

com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)

com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...

CVSS 9.8 | AI score 7.2 | EPSS 0.02707
Exploits: 1
OSV
added 2022/05/01 4:15 p.m., 2 views

CVE-2022-25842

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...

CVSS 9.8 | AI score 5.9 | EPSS 0.02707
Exploits: 1 | References: 4
ATTACKERKB
added 2022/05/01 3:20 p.m., 3 views

CVE-2022-25842

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...

CVSS 9.8 | AI score 7.5 | EPSS 0.02707
Exploits: 1 | References: 5
CNNVD
added 2022/05/01 12:00 a.m., 2 views

one-java-agent Path Traversal Vulnerability

one-java-agent provides plug-in support to unify the management of numerous Java agents. A security vulnerability exists in all versions of com.alibaba.oneagent:one-java-agent-plugin, which can be exploited by an attacker to overwrite executables and remotely invoke them or wait for the syste...

CVSS 9.8 | AI score 8.5 | EPSS 0.02707
Exploits: 1 | References: 5
vulnersOsv
added 2022/02/21 3:33 p.m., 2 views

com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)

com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...

CVSS 9.8 | AI score 7.2 | EPSS 0.02707
Exploits: 1
Snyk
added 2022/02/21 3:33 p.m., 2 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip using a specially crafted archive that holds directory traversal filenames e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke them remotely or wait for...

CVSS 9.8 | AI score 8 | EPSS 0.02707
Exploits: 1 | References: 2