Lucene search
Veracode Vulnerability DatabaseVERACODE:43036HistoryAug 31, 2023 - 5:05 a.m.
Path Traversal
2023-08-3105:05:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
pf4j
path traversal
vulnerability
extract function
unzip.java
path validation
attacker
sensitive information
arbitrary code
loadpluginpath}
.
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.003
Percentile
70.0%
PF4J is vulnerable to Path Traversal. The vulnerability exists in the extract function in Unzip.java due to a lack of path validation which allows an attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
Related
ubuntucve
ubuntucve
CVE-2023-40827
2023-08-28 00:00:00
prion
prion
Code injection
2023-08-28 22:15:00
osv
osv
CVE-2023-40827
2023-08-28 22:15:09
pf4j vulnerable to remote code execution via loadpluginPath parameter
2023-08-29 00:32:04
nvd
nvd
CVE-2023-40827
2023-08-28 22:15:09
debiancve
debiancve
CVE-2023-40827
2023-08-28 22:15:09
cvelist
cvelist
CVE-2023-40827
2023-08-28 00:00:00
cve
cve
CVE-2023-40827
2023-08-28 22:15:09
github
github
pf4j vulnerable to remote code execution via loadpluginPath parameter
2023-08-29 00:32:04
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.003
Percentile
70.0%
Related for VERACODE:43036