From cb866a8d11abda3ecfddaa769e69a1b0be07100e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 25 Jul 2018 13:06:12 -0400 Subject: [PATCH] - Synchronized data. --- 2018/1002xxx/CVE-2018-1002200.json | 138 +++++++++++++++++------------ 2018/1002xxx/CVE-2018-1002201.json | 136 +++++++++++++++++----------- 2018/1002xxx/CVE-2018-1002202.json | 124 +++++++++++++++----------- 2018/1002xxx/CVE-2018-1002203.json | 138 +++++++++++++++++------------ 2018/1002xxx/CVE-2018-1002204.json | 138 +++++++++++++++++------------ 2018/1002xxx/CVE-2018-1002205.json | 138 +++++++++++++++++------------ 2018/1002xxx/CVE-2018-1002206.json | 138 +++++++++++++++++------------ 2018/1002xxx/CVE-2018-1002207.json | 138 +++++++++++++++++------------ 2018/1002xxx/CVE-2018-1002208.json | 136 +++++++++++++++++----------- 2018/1002xxx/CVE-2018-1002209.json | 129 ++++++++++++++++----------- 10 files changed, 815 insertions(+), 538 deletions(-) diff --git a/2018/1002xxx/CVE-2018-1002200.json b/2018/1002xxx/CVE-2018-1002200.json index f0a97b41b76..8c69e9262d0 100644 --- a/2018/1002xxx/CVE-2018-1002200.json +++ b/2018/1002xxx/CVE-2018-1002200.json @@ -1,58 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002200", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "plexus-archiver", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "3.6.0" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002200", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "plexus-archiver", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "3.6.0" + } + ] } - }] - }, - "vendor_name": "Codehaus" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }, { - "url": "https://github.com/codehaus-plexus/plexus-archiver/pull/87" - }, { - "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8" - }] - } + } + ] + }, + "vendor_name" : "Codehaus" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680" + }, + { + "name" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8", + "refsource" : "CONFIRM", + "url" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8" + }, + { + "name" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87", + "refsource" : "CONFIRM", + "url" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002201.json b/2018/1002xxx/CVE-2018-1002201.json index 133bde45bb7..f35f8cf976e 100644 --- a/2018/1002xxx/CVE-2018-1002201.json +++ b/2018/1002xxx/CVE-2018-1002201.json @@ -1,56 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002201", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "zt-zip", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "1.13" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002201", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "zt-zip", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "1.13" + } + ] } - }] - }, - "vendor_name": "zeroturnaround" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }, { - "url": "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff" - }] - } + } + ] + }, + "vendor_name" : "zeroturnaround" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681" + }, + { + "name" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt", + "refsource" : "CONFIRM", + "url" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt" + }, + { + "name" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff", + "refsource" : "CONFIRM", + "url" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002202.json b/2018/1002xxx/CVE-2018-1002202.json index 5fba241ed89..60a8f7907d0 100644 --- a/2018/1002xxx/CVE-2018-1002202.json +++ b/2018/1002xxx/CVE-2018-1002202.json @@ -1,54 +1,76 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002202", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "zip4j", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "1.3.3" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002202", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "zip4j", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "1.3.3" + } + ] } - }] - }, - "vendor_name": "zip4j" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }] - } + } + ] + }, + "vendor_name" : "zip4j" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002203.json b/2018/1002xxx/CVE-2018-1002203.json index e4f76649f5c..60c927b3ccc 100644 --- a/2018/1002xxx/CVE-2018-1002203.json +++ b/2018/1002xxx/CVE-2018-1002203.json @@ -1,58 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002203", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "unzipper", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "0.8.13" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002203", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "unzipper", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "0.8.13" + } + ] } - }] - }, - "vendor_name": "node.js" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/npm:unzipper:20180415" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }, { - "url": "https://github.com/ZJONSSON/node-unzipper/pull/59" - }, { - "url": "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd" - }] - } + } + ] + }, + "vendor_name" : "node.js" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/npm:unzipper:20180415", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/npm:unzipper:20180415" + }, + { + "name" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd", + "refsource" : "CONFIRM", + "url" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd" + }, + { + "name" : "https://github.com/ZJONSSON/node-unzipper/pull/59", + "refsource" : "CONFIRM", + "url" : "https://github.com/ZJONSSON/node-unzipper/pull/59" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002204.json b/2018/1002xxx/CVE-2018-1002204.json index fa3aeea836f..90cdd6af100 100644 --- a/2018/1002xxx/CVE-2018-1002204.json +++ b/2018/1002xxx/CVE-2018-1002204.json @@ -1,58 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002204", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "adm-zip", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "0.4.9" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002204", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "adm-zip", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "0.4.9" + } + ] } - }] - }, - "vendor_name": "node.js" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/npm:adm-zip:20180415" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }, { - "url": "https://github.com/cthackers/adm-zip/pull/212" - }, { - "url": "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25" - }] - } + } + ] + }, + "vendor_name" : "node.js" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/npm:adm-zip:20180415", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/npm:adm-zip:20180415" + }, + { + "name" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25", + "refsource" : "CONFIRM", + "url" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25" + }, + { + "name" : "https://github.com/cthackers/adm-zip/pull/212", + "refsource" : "CONFIRM", + "url" : "https://github.com/cthackers/adm-zip/pull/212" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002205.json b/2018/1002xxx/CVE-2018-1002205.json index c542612248d..90ff3634564 100644 --- a/2018/1002xxx/CVE-2018-1002205.json +++ b/2018/1002xxx/CVE-2018-1002205.json @@ -1,58 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002205", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "DotNetZip.Semvered", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "1.11.0" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002205", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "DotNetZip.Semvered", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "1.11.0" + } + ] } - }] - }, - "vendor_name": "DotNetZip" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }, { - "url": "https://github.com/haf/DotNetZip.Semverd/pull/121" - }, { - "url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366" - }] - } + } + ] + }, + "vendor_name" : "DotNetZip" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245" + }, + { + "name" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366", + "refsource" : "CONFIRM", + "url" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366" + }, + { + "name" : "https://github.com/haf/DotNetZip.Semverd/pull/121", + "refsource" : "CONFIRM", + "url" : "https://github.com/haf/DotNetZip.Semverd/pull/121" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002206.json b/2018/1002xxx/CVE-2018-1002206.json index e2e300208e5..742935f3dda 100644 --- a/2018/1002xxx/CVE-2018-1002206.json +++ b/2018/1002xxx/CVE-2018-1002206.json @@ -1,58 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002206", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "SharpCompress", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "0.21.0" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002206", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "SharpCompress", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "0.21.0" + } + ] } - }] - }, - "vendor_name": "SharpCompress" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }, { - "url": "https://github.com/adamhathcock/sharpcompress/pull/374" - }, { - "url": "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6" - }] - } + } + ] + }, + "vendor_name" : "SharpCompress" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246" + }, + { + "name" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6", + "refsource" : "CONFIRM", + "url" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6" + }, + { + "name" : "https://github.com/adamhathcock/sharpcompress/pull/374", + "refsource" : "CONFIRM", + "url" : "https://github.com/adamhathcock/sharpcompress/pull/374" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002207.json b/2018/1002xxx/CVE-2018-1002207.json index 1c405987914..5407d2da52b 100644 --- a/2018/1002xxx/CVE-2018-1002207.json +++ b/2018/1002xxx/CVE-2018-1002207.json @@ -1,58 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002207", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-05-17T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "archiver", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "e4ef56d48eb029648b0e895bb0b6a393ef0829c3" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002207", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-05-17T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "archiver", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3" + } + ] } - }] - }, - "vendor_name": "golang" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }, { - "url": "https://github.com/mholt/archiver/pull/65" - }, { - "url": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3" - }] - } + } + ] + }, + "vendor_name" : "golang" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071" + }, + { + "name" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3", + "refsource" : "CONFIRM", + "url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3" + }, + { + "name" : "https://github.com/mholt/archiver/pull/65", + "refsource" : "CONFIRM", + "url" : "https://github.com/mholt/archiver/pull/65" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002208.json b/2018/1002xxx/CVE-2018-1002208.json index 7f8852a01fc..e78283b014b 100644 --- a/2018/1002xxx/CVE-2018-1002208.json +++ b/2018/1002xxx/CVE-2018-1002208.json @@ -1,56 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-05-17T10:52Z", - "ID": "CVE-2018-1002208", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-06-11T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "sharplibzip", - "version": { - "version_data": [{ - "version_affected": ">", - "version_value": "0" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-05-17T10:52Z", + "ID" : "CVE-2018-1002208", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-06-11T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "sharplibzip", + "version" : { + "version_data" : [ + { + "version_affected" : ">", + "version_value" : "0" + } + ] } - }] - }, - "vendor_name": "sharplibzip" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "sharplibzip is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247" - }, { - "url": "https://github.com/icsharpcode/SharpZipLib/issues/232" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }] - } + } + ] + }, + "vendor_name" : "sharplibzip" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247", + "refsource" : "MISC", + "url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247" + }, + { + "name" : "https://github.com/icsharpcode/SharpZipLib/issues/232", + "refsource" : "CONFIRM", + "url" : "https://github.com/icsharpcode/SharpZipLib/issues/232" + }, + { + "name" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0", + "refsource" : "CONFIRM", + "url" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0" + } + ] + } } diff --git a/2018/1002xxx/CVE-2018-1002209.json b/2018/1002xxx/CVE-2018-1002209.json index 39bfe0d93a7..8c6b4b951c4 100644 --- a/2018/1002xxx/CVE-2018-1002209.json +++ b/2018/1002xxx/CVE-2018-1002209.json @@ -1,54 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED": "2018-06-14T10:52Z", - "ID": "CVE-2018-1002209", - "REQUESTER": "danny@snyk.io", - "STATE": "PUBLIC", - "UPDATED": "2018-06-14T10:52Z" - }, - "affects": { - "vendor": { - "vendor_data": [{ - "product": { - "product_data": [{ - "product_name": "quazip", - "version": { - "version_data": [{ - "version_affected": "<", - "version_value": "0.7.6" - }] + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-06-14T10:52Z", + "ID" : "CVE-2018-1002209", + "REQUESTER" : "danny@snyk.io", + "STATE" : "PUBLIC", + "UPDATED" : "2018-06-14T10:52Z" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "quazip", + "version" : { + "version_data" : [ + { + "version_affected" : "<", + "version_value" : "0.7.6" + } + ] } - }] - }, - "vendor_name": "quazip" - }] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [{ - "lang": "eng", - "value": "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." - }] - }, - "problemtype": { - "problemtype_data": [{ - "description": [{ - "lang": "eng", - "value": "CWE-22" - }] - }] - }, - "references": { - "reference_data": [{ - "url": "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98" - }, { - "url": "https://snyk.io/research/zip-slip-vulnerability" - }, { - "url": "https://github.com/snyk/zip-slip-vulnerability" - }] - } + } + ] + }, + "vendor_name" : "quazip" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/snyk/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://github.com/snyk/zip-slip-vulnerability" + }, + { + "name" : "https://snyk.io/research/zip-slip-vulnerability", + "refsource" : "MISC", + "url" : "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt", + "refsource" : "CONFIRM", + "url" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt" + }, + { + "name" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98", + "refsource" : "CONFIRM", + "url" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98" + } + ] + } }