{
"CVE_data_meta" : {
"ASSIGNER" : "cve@checkpoint.com" ,
"DATE_PUBLIC" : "2019-02-05T00:00:00" ,
"ID" : "CVE-2018-20250" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WinRAR" ,
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to and including 5.61"
}
]
}
}
]
} ,
"vendor_name" : "Check Point Software Technologies Ltd."
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "When the filename field of an ACE-format archive is crafted, the destination folder (extraction folder) is ignored, and the relative path in the filename field becomes an absolute path. This logic bug allows a file to be extracted to an arbitrary location, which is effectively code execution."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-36: Absolute Path Traversal"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "https://www.win-rar.com/whatsnew.html" ,
"refsource" : "MISC" ,
"url" : "https://www.win-rar.com/whatsnew.html"
} ,
{
"name" : "106948" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/106948"
}
]
}
}