admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-25 13:06:12 -04:00
parent ebaee51c48
commit cb866a8d11
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 815 additions and 538 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
2018/1002xxx/CVE-2018-1002200.json
View File

@ -1,58 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002200",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "plexus-archiver",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "3.6.0"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002200",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "plexus-archiver",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "3.6.0"
}
]
}
}]
},
"vendor_name": "Codehaus"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/codehaus-plexus/plexus-archiver/pull/87"
}, {
"url": "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8"
}]
}
}
]
},
"vendor_name" : "Codehaus"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680"
},
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8"
},
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87"
}
]
}
}

136
2018/1002xxx/CVE-2018-1002201.json
View File

@ -1,56 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002201",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "zt-zip",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "1.13"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002201",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "zt-zip",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.13"
}
]
}
}]
},
"vendor_name": "zeroturnaround"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff"
}]
}
}
]
},
"vendor_name" : "zeroturnaround"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff"
}
]
}
}

124
2018/1002xxx/CVE-2018-1002202.json
View File

@ -1,54 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002202",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "zip4j",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "1.3.3"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002202",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "zip4j",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.3.3"
}
]
}
}]
},
"vendor_name": "zip4j"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}]
}
}
]
},
"vendor_name" : "zip4j"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679"
}
]
}
}

138
2018/1002xxx/CVE-2018-1002203.json
View File

@ -1,58 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002203",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "unzipper",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "0.8.13"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002203",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "unzipper",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.8.13"
}
]
}
}]
},
"vendor_name": "node.js"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/npm:unzipper:20180415"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/ZJONSSON/node-unzipper/pull/59"
}, {
"url": "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd"
}]
}
}
]
},
"vendor_name" : "node.js"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:unzipper:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:unzipper:20180415"
},
{
"name" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd"
},
{
"name" : "https://github.com/ZJONSSON/node-unzipper/pull/59",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/pull/59"
}
]
}
}

138
2018/1002xxx/CVE-2018-1002204.json
View File

@ -1,58 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002204",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "adm-zip",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "0.4.9"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002204",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "adm-zip",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.4.9"
}
]
}
}]
},
"vendor_name": "node.js"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/npm:adm-zip:20180415"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/cthackers/adm-zip/pull/212"
}, {
"url": "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25"
}]
}
}
]
},
"vendor_name" : "node.js"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:adm-zip:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:adm-zip:20180415"
},
{
"name" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25"
},
{
"name" : "https://github.com/cthackers/adm-zip/pull/212",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/pull/212"
}
]
}
}

138
2018/1002xxx/CVE-2018-1002205.json
View File

@ -1,58 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002205",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "DotNetZip.Semvered",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "1.11.0"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002205",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DotNetZip.Semvered",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.11.0"
}
]
}
}]
},
"vendor_name": "DotNetZip"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
}, {
"url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
}]
}
}
]
},
"vendor_name" : "DotNetZip"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
},
{
"name" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
},
{
"name" : "https://github.com/haf/DotNetZip.Semverd/pull/121",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/pull/121"
}
]
}
}

138
2018/1002xxx/CVE-2018-1002206.json
View File

@ -1,58 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002206",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "SharpCompress",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "0.21.0"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002206",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SharpCompress",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.21.0"
}
]
}
}]
},
"vendor_name": "SharpCompress"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/adamhathcock/sharpcompress/pull/374"
}, {
"url": "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6"
}]
}
}
]
},
"vendor_name" : "SharpCompress"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246"
},
{
"name" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6"
},
{
"name" : "https://github.com/adamhathcock/sharpcompress/pull/374",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/pull/374"
}
]
}
}

138
2018/1002xxx/CVE-2018-1002207.json
View File

@ -1,58 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002207",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-05-17T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "archiver",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002207",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "archiver",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}
]
}
}]
},
"vendor_name": "golang"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/mholt/archiver/pull/65"
}, {
"url": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}]
}
}
]
},
"vendor_name" : "golang"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
},
{
"name" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
},
{
"name" : "https://github.com/mholt/archiver/pull/65",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/pull/65"
}
]
}
}

136
2018/1002xxx/CVE-2018-1002208.json
View File

@ -1,56 +1,86 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID": "CVE-2018-1002208",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-06-11T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "sharplibzip",
"version": {
"version_data": [{
"version_affected": ">",
"version_value": "0"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002208",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-06-11T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sharplibzip",
"version" : {
"version_data" : [
{
"version_affected" : ">",
"version_value" : "0"
}
]
}
}]
},
"vendor_name": "sharplibzip"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "sharplibzip is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247"
}, {
"url": "https://github.com/icsharpcode/SharpZipLib/issues/232"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}]
}
}
]
},
"vendor_name" : "sharplibzip"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/issues/232",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/issues/232"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0"
}
]
}
}

129
2018/1002xxx/CVE-2018-1002209.json
View File

@ -1,54 +1,81 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-06-14T10:52Z",
"ID": "CVE-2018-1002209",
"REQUESTER": "danny@snyk.io",
"STATE": "PUBLIC",
"UPDATED": "2018-06-14T10:52Z"
},
"affects": {
"vendor": {
"vendor_data": [{
"product": {
"product_data": [{
"product_name": "quazip",
"version": {
"version_data": [{
"version_affected": "<",
"version_value": "0.7.6"
}]
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-06-14T10:52Z",
"ID" : "CVE-2018-1002209",
"REQUESTER" : "danny@snyk.io",
"STATE" : "PUBLIC",
"UPDATED" : "2018-06-14T10:52Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "quazip",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.7.6"
}
]
}
}]
},
"vendor_name": "quazip"
}]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [{
"lang": "eng",
"value": "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
},
"problemtype": {
"problemtype_data": [{
"description": [{
"lang": "eng",
"value": "CWE-22"
}]
}]
},
"references": {
"reference_data": [{
"url": "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url": "https://github.com/snyk/zip-slip-vulnerability"
}]
}
}
]
},
"vendor_name" : "quazip"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt"
},
{
"name" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98"
}
]
}
}