cve/CVE-2018-1261.md at bc4580b7799602bfe4618c8fe9ddff9c2dfdfc86

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio bc4580b779 Update CVE sources 2024-06-07 04:52

2024-06-07 04:52:01 +00:00

Description

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ExpLangcn/FuYao-Go
https://github.com/ax1sX/SpringSecurity
https://github.com/gyyyy/footprint
https://github.com/jpbprakash/vuln
https://github.com/mile9299/zip-slip-vulnerability
https://github.com/snyk/zip-slip-vulnerability

1.1 KiB Raw Blame History

CVE-2018-1261

Description

POC

Reference

Github

1.1 KiB

Raw Blame History