Lucene search

Veracode Vulnerability DatabaseVERACODE:46286

HistoryApr 09, 2024 - 5:24 a.m.

Path Traversal

2024-04-0905:24:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

path traversal

vulnerability

file paths

tar archives

attacker

craft

unpacked

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

github.com/mholt/archiver is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within tar archives, allowing an attacker to craft a tar file that, when unpacked, can access or modify files or directories outside of the intended directory.

CPENameOperatorVersion
github.com/mholt/archiverlev3.5.1
github.com/mholt/archiverlev3.5.1

CPE	Name	Operator	Version
	github.com/mholt/archiver	le	v3.5.1
	github.com/mholt/archiver	le	v3.5.1

References

access.redhat.com/security/cve/CVE-2024-0406

bugzilla.redhat.com/show_bug.cgi?id=2257749

github.com/advisories/GHSA-rhh4-rh7c-7r5v

github.com/mholt/archiver/pull/396

github.com/mholt/archiver/pull/396/commits/82ca88a2eb24d418c30bf960ef071b0bbec04631

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for VERACODE:46286