Lucene search

K

Veracode Vulnerability DatabaseVERACODE:12989

HistoryJan 15, 2019 - 9:24 a.m.

Arbitrary File Write

2019-01-1509:24:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

0.001 Low

EPSS

Percentile

47.8%

Plexus Archiver Component is vulnerable to zip-slip vulnerability. The vulnerability exists when the attacker inputs a malicious zip archive with filenames including file traversal characters such as dot dot (..), leading to concatenation of file path locating outside of the destination folder.

CPENameOperatorVersion
rh-maven33-plexus-archivereq2.4.2__4.12.el6
rh-maven33-plexus-archivereq2.4.2__4.12.el7
rh-maven35-plexus-archivereq3.4__2.2.el7

References

access.redhat.com/errata/RHSA-2018:1836

access.redhat.com/errata/RHSA-2018:1837

access.redhat.com/security/updates/classification/#important

github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8

github.com/codehaus-plexus/plexus-archiver/pull/87

www.debian.org/security/2018/dsa-4227

0.001 Low

EPSS

Percentile

47.8%

Related for VERACODE:12989

centos1 debian2 prion1 nvd1 openvas6 github1 nessus11 cvelist1 fedora2 oraclelinux1 redhatcve1 mageia1 osv4 cve1 amazon1 debiancve1 redhat2 ubuntucve1 veracode1 ubuntu1 f51 checkpoint_advisories1