4 matches found
Arbitrary File Write
sbt is vulnerable to Path Traversal. The vulnerability is a result of the absence of path sanitization in the IO.scala file. This oversight allows an attacker to access files outside the expected directory and write arbitrary files. An attacker can exploit this vulnerability by providing a...
Code injection
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...
CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...
CVE-2023-46122 Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorizedkeys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however...