Arbitrary File Write

2018-06-0608:19:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

47.6%

JSON

adm-zip is vulnerable to arbitrary file write. The application does not properly validate the destination filepath during compressed file extraction, allowing a malicious user to overwrite files in the target directory.

CPENameOperatorVersion
adm-ziple0.4.7
adm-zipeq0.4.4
adm-zip-mitle0.4.9
adm-zip-iconvle0.4.9
adm-zip-electroneq0.4.7
adm-zip-with-encle0.4.8

Name	Operator	Version
adm-zip	le	0.4.7
adm-zip	eq	0.4.4
adm-zip-mit	le	0.4.9
adm-zip-iconv	le	0.4.9
adm-zip-electron	eq	0.4.7
adm-zip-with-enc	le	0.4.8

References

www.securityfocus.com/bid/107001

github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25

github.com/cthackers/adm-zip/commit/6f4dfeb9a2166e93207443879988f97d88a37cde

github.com/cthackers/adm-zip/pull/212

0.001 Low

EPSS

Percentile

47.6%

JSON

Related for VERACODE:6582