Lucene search
Veracode Vulnerability DatabaseVERACODE:6266HistoryMay 10, 2018 - 6:14 a.m.
Arbitrary File Write
2018-05-1006:14:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
20.4%
spring-integration-zip is vulnerable to arbitrary file write attacks. The vulnerability exists due to the lack of sanitization of the filename, allowing path-traversal filenames to exist and write to arbitrary file locations during the unzipping process.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring integration zip adapter | eq | 1.0.0.RELEASE |
Related
f5
f5
K23985340 : Spring Integration Zip vulnerability CVE-2018-1261
2018-05-29 00:00:00
cve
cve
CVE-2018-1261
2018-05-11 20:29:00
CVE-2018-1263
2018-05-15 20:29:00
cvelist
cvelist
CVE-2018-1261
2018-05-09 00:00:00
CVE-2018-1263
2018-05-09 00:00:00
osv
osv
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
CVE-2018-1261
2018-05-11 20:29:00
CVE-2018-1263
2018-05-15 20:29:00
github
github
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
prion
prion
Path traversal
2018-05-11 20:29:00
Path traversal
2018-05-15 20:29:00
nvd
nvd
CVE-2018-1261
2018-05-11 20:29:00
CVE-2018-1263
2018-05-15 20:29:00
veracode
veracode
Arbitrary File Write
2018-05-14 03:51:04
checkpoint_advisories
checkpoint_advisories