
13 matches found

EUVD
added 2026/06/18 3:2 p.m., 7 views

EUVD-2026-37812

BBOT: Path traversal Zip-Slip in unarchive module - incomplete fix for CVE-2025-10284...

CVSS 9.6, AI score 5.1, EPSS 0.00668
Exploits 0, References 3

NVD
added 2026/06/17 11:17 p.m., 10 views

CVE-2026-12565

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools, e.g. GNU tar, which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extractio...

CVSS 5.3, EPSS 0.00208
Exploits 0, References 1

Cvelist
added 2026/06/17 9:45 p.m., 14 views

CVE-2026-12565 Path Traversal (Zip-Slip) in unarchive module

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools, e.g. GNU tar, which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extractio...

CVSS 5.3, EPSS 0.00208
Exploits 0, References 1

CVE
added 2026/06/17 9:45 p.m., 19 views

CVE-2026-12565

The CVE-2026-12565 entry concerns the unarchive module’s archive extraction commands, which perform no path validation and rely on external tools (notably GNU tar) whose behavior varies by platform. On systems using GNU tar < 1.34 (e.g., Ubuntu 20.04, Debian Buster, CentOS 7, and many Docker b...

CVSS 5.3, AI score 5.3, EPSS 0.00208
Exploits 0, References 1

Positive Technologies
added 2026/06/17 12:0 a.m., 28 views

PT-2026-50560

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: The unarchive internal module's archive extraction commands lack code-level validation for extracted file paths. This causes the module to rely on the behavior o...

CVSS 5.3, AI score 5.2, EPSS 0.00208
Exploits 0, References 5

NVD
added 2026/06/10 6:17 p.m., 10 views

CVE-2026-50567

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

CVSS 7.7, EPSS 0.00301
Exploits 0, References 3

Snyk
added 2025/10/09 4:42 p.m., 2 views

Directory Traversal

Overview: bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via unarchive.py. An attacker can execute arbitrary code by supplying a specially crafted archive file that, when extracted, writes files to arbitrary locations on the file...

CVSS 9.6, AI score 7.9, EPSS 0.00668
Exploits 0, References 2

NVD
added 2025/10/09 4:15 p.m., 3 views

CVE-2025-10284

BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6, EPSS 0.00668
Exploits 0, References 1

Vulnrichment
added 2025/10/09 3:46 p.m., 2 views

CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE

BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6, AI score 7.8, EPSS 0.00668
Exploits 0, References 1

CVE
added 2025/10/09 3:46 p.m., 14 views

CVE-2025-10284

BBOT’s unarchive.py is vulnerable to arbitrary file write and remote code execution when extracting crafted archives, due to insufficient sanitization of archive entry paths (path traversal/Zip-Slip-like behavior). The CVE description and multiple sources (NVD/NVD entry, Red Hat advisory, GHSA, a...

CVSS 9.6, AI score 7.8, EPSS 0.00668
Exploits 0, References 1

Cvelist
added 2025/10/09 3:46 p.m., 8 views

CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE

BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution...

CVSS 9.6, EPSS 0.00668
Exploits 0, References 1

Positive Technologies
added 2025/10/09 12:0 a.m., 3 views

PT-2025-41397

Name of the Vulnerable Software and Affected Versions: BBOT (affected versions not specified). Description: The unarchive module in BBOT is susceptible to exploitation through the use of malicious archive files. When these files are extracted, they can trigger arbitrary file writes, potentially leadin...

CVSS 9.6, AI score 6.5, EPSS 0.00668
Exploits 0, References 16

RedHat Linux
added 2020/04/22 2:10 p.m., 4 views

Ansible: modules which use files encrypted with vault are not properly cleaned up

A flaw was found in Ansible Engine when using modules which decrypt vault files, such as the assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory created in /tmp leaves the secrets unencrypted. On operating systems on which /tmp is not a tmpfs but part of the root...

CVSS 5.5, AI score 7.1, EPSS 0.00376
Exploits 0, References 4