Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/09/02 4:13 p.m.15 views

CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of actions/artifact on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted...

7.3CVSS7.4AI score0.03037EPSS
Exploits4References3
OSV
OSV
added 2021/03/01 6:15 p.m.40 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS6.6AI score0.01038EPSS
Exploits0References1
Prion
Prion
added 2021/03/01 6:15 p.m.21 views

Path traversal

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5CVSS4.7AI score0.01446EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/05/11 8:29 p.m.17 views

CVE-2018-1261

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

4.7CVSS4.7AI score0.01288EPSS
Exploits0References2
Rows per page
Query Builder