4 matches found

GitHub Security Blog
added 2 days ago · 8 views

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

5.5 AI score
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2022/08/22 6:24 p.m. · 67 views

CVE-2022-30547

CVE-2022-30547 affects WWBN AVideo 11.6 and dev master commit 3f7c0364. The unzipDirectory function unzips uploaded ZIPs without validating path traversal, allowing arbitrary code execution via crafted archives (e.g., files placed as ../shell.php). Talos confirms vulnerability in aVideoEncoder.un...

9.9 CVSS · 9.6 AI score · 0.20735 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/08/22 12:0 a.m. · 2 views

PT-2022-20170 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and prior, including dev master commit 3f7c0364 and earlier. Description: A directory traversal issue exists in the unzipDirectory functionality, allowing an attacker to send a specially-crafted HTTP request that can...

9.9 CVSS · 9.6 AI score · 0.20735 EPSS
Exploits: 1 · References: 4
Talos
added 2022/08/16 12:0 a.m. · 24 views

WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability

Talos Vulnerability Report TALOS-2022-1547: WWBN AVideo aVideoEncoder unzipDirectory directory traversal vulnerability. August 16, 2022. CVE Number: CVE-2022-30547. Summary: A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364...

9.9 CVSS · 9.7 AI score · 0.20735 EPSS
Exploits: 1