7 matches found
EUVD-2022-1345
Malicious code in bioql PyPI...
BIT-NATS-2022-26652
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
CVE-2022-26652
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
CVE-2022-26652
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
CVE-2022-26652
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
Directory traversal
NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...
CVE-2022-26652
Summary: CVE-2022-26652 affects NATS nats-server (up to 2.7.3) and nats-streaming-server (up to 0.24.2). The issue is a directory traversal (“Zip Slip”) via an element in a ZIP archive used in JetStream streams, allowing potentially arbitrary file write. The root cause is insufficient sanitizatio...