2018-06-05 11:03:57 -04:00
{
"CVE_data_meta" : {
2018-09-19 09:29:37 -04:00
"ASSIGNER" : "security@apache.org" ,
"DATE_PUBLIC" : "2018-09-19T00:00:00" ,
2018-06-05 11:03:57 -04:00
"ID" : "CVE-2018-11762" ,
2018-09-19 09:29:37 -04:00
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
2019-02-08 14:15:02 +00:00
"product_name" : "Apache Tika" ,
2018-09-19 09:29:37 -04:00
"version" : {
"version_data" : [
{
"version_value" : "0.9 to 1.18"
}
]
}
}
]
} ,
"vendor_name" : "Apache Software Foundation"
}
]
}
2018-06-05 11:03:57 -04:00
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2018-09-19 10:26:48 -04:00
"value" : "In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as \"C:/evil.bat\", tika-app would overwrite that file."
2018-09-19 09:29:37 -04:00
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Zip Slip Vulnerability in Apache Tika's tika-app"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2018-09-19 10:26:48 -04:00
"name" : "[tika-dev] 20180919 [CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app" ,
"refsource" : "MLIST" ,
2018-09-19 09:29:37 -04:00
"url" : "https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E"
2018-10-07 06:03:25 -04:00
} ,
{
"name" : "105515" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/105515"
2018-06-05 11:03:57 -04:00
}
]
}
}
