Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:35039
HistoryApr 10, 2022 - 10:33 a.m.

Remote Code Execution

2022-04-1010:33:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Gzip is vulnerable to remote code execution. Insufficient validations when processing filenames with two or more newlines allow remote attackers to force zgrep or xzgrep to write arbitrary files on the system.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Related for VERACODE:35039