Lucene search
Veracode Vulnerability DatabaseVERACODE:6285HistoryMay 14, 2018 - 3:51 a.m.
Arbitrary File Write
2018-05-1403:51:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
0.001 Low
EPSS
Percentile
20.4%
spring-integration-zip is vulnerable to arbitrary file write. The library is missing a path check during the unzipping process, allowing a malicious user to pass a file path outside the intended directory, which can then be used to write arbitrary files within a user application. This vulnerability is related to CVE-2018-1261.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring integration zip adapter | le | 1.0.1.RELEASE |
Related
osv
osv
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
CVE-2018-1263
2018-05-15 20:29:00
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
github
github
spring-integration-zip Arbitrary File Write
2022-05-13 01:07:04
Path traversal in org.springframework.integration:spring-integration-zip
2018-10-18 18:05:46
Path Traversal in Spring-integration-zip
2022-03-18 17:40:44
cvelist
cvelist
prion
prion
cve
cve
nvd
nvd
f5
f5
K23985340 : Spring Integration Zip vulnerability CVE-2018-1261
2018-05-29 00:00:00
veracode
veracode
Arbitrary File Write
2018-05-10 06:14:04
Arbitrary File Rewrite
2021-03-02 05:03:40
checkpoint_advisories
checkpoint_advisories