- Synchronized data.

CVE Team 2018-07-25 13:06:12 -04:00
parent ebaee51c48
commit cb866a8d11
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 815 additions and 538 deletions


@ -9,50 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "plexus-archiver", "product_name" : "plexus-archiver",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "3.6.0" "version_value" : "3.6.0"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "Codehaus" "vendor_name" : "Codehaus"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}, { },
"url": "https://github.com/codehaus-plexus/plexus-archiver/pull/87" {
}, { "name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680"
},
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8" "url" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8"
}] },
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87"
}
]
} }
} }


@ -9,48 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "zt-zip", "product_name" : "zt-zip",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "1.13" "version_value" : "1.13"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "zeroturnaround" "vendor_name" : "zeroturnaround"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}, { },
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff" "url" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff"
}] }
]
} }
} }


@ -9,46 +9,68 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "zip4j", "product_name" : "zip4j",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "1.3.3" "version_value" : "1.3.3"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "zip4j" "vendor_name" : "zip4j"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}] },
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679"
}
]
} }
} }


@ -9,50 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "unzipper", "product_name" : "unzipper",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "0.8.13" "version_value" : "0.8.13"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "node.js" "vendor_name" : "node.js"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/npm:unzipper:20180415" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}, { },
"url": "https://github.com/ZJONSSON/node-unzipper/pull/59" {
}, { "name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:unzipper:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:unzipper:20180415"
},
{
"name" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd" "url" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd"
}] },
{
"name" : "https://github.com/ZJONSSON/node-unzipper/pull/59",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/pull/59"
}
]
} }
} }
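Review bot: `"vendor_name" : "node.js"` names the runtime ecosystem rather than the package's maintainer, and the sync keeps it unchanged here and in the adm-zip section that follows. The description already says "unzipper npm library", so vendor-based matching on this record would attribute the flaw to Node.js itself or fail to match the package. The reference URLs in the two sections point at the `ZJONSSON` and `cthackers` repositories, so something like `"vendor_name" : "ZJONSSON"` here would presumably be closer; confirm against the naming convention the list uses for npm packages.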


@ -9,50 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "adm-zip", "product_name" : "adm-zip",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "0.4.9" "version_value" : "0.4.9"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "node.js" "vendor_name" : "node.js"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/npm:adm-zip:20180415" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}, { },
"url": "https://github.com/cthackers/adm-zip/pull/212" {
}, { "name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:adm-zip:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:adm-zip:20180415"
},
{
"name" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25" "url" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25"
}] },
{
"name" : "https://github.com/cthackers/adm-zip/pull/212",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/pull/212"
}
]
} }
} }


@ -9,50 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "DotNetZip.Semvered", "product_name" : "DotNetZip.Semvered",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "1.11.0" "version_value" : "1.11.0"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "DotNetZip" "vendor_name" : "DotNetZip"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}, { },
"url": "https://github.com/haf/DotNetZip.Semverd/pull/121" {
}, { "name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
},
{
"name" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366" "url" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
}] },
{
"name" : "https://github.com/haf/DotNetZip.Semverd/pull/121",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/pull/121"
}
]
} }
} }
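Review bot: The `product_name` and the description both spell the package `DotNetZip.Semvered`, while the two CONFIRM URLs added in this section point at `haf/DotNetZip.Semverd`. If the repository spelling is the published package name, as the URLs suggest, name-based matching against this record will miss the affected package. The entry would then read `"product_name" : "DotNetZip.Semverd"`, with the same spelling fix in the description value.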


@ -9,50 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "SharpCompress", "product_name" : "SharpCompress",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "0.21.0" "version_value" : "0.21.0"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "SharpCompress" "vendor_name" : "SharpCompress"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}, { },
"url": "https://github.com/adamhathcock/sharpcompress/pull/374" {
}, { "name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246"
},
{
"name" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6" "url" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6"
}] },
{
"name" : "https://github.com/adamhathcock/sharpcompress/pull/374",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/pull/374"
}
]
} }
} }


@ -9,50 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "archiver", "product_name" : "archiver",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3" "version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "golang" "vendor_name" : "golang"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}, { },
"url": "https://github.com/mholt/archiver/pull/65" {
}, { "name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
},
{
"name" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3" "url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}] },
{
"name" : "https://github.com/mholt/archiver/pull/65",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/pull/65"
}
]
} }
} }
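Review bot: `"version_value"` is a commit hash paired with `"version_affected" : "<"`, and a hash has no ordering that a version-matching tool can evaluate. A consumer can only decide exposure by checking whether commit e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is an ancestor of the revision it has vendored, so the record should carry the first fixed tagged release if one exists. Separately, `"vendor_name" : "golang"` names the language, whereas the description identifies the package as mholt/archiver; `"vendor_name" : "mholt"` would agree with the description and the reference URLs.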


@ -9,48 +9,78 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "sharplibzip", "product_name" : "sharplibzip",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : ">", "version_affected" : ">",
"version_value" : "0" "version_value" : "0"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "sharplibzip" "vendor_name" : "sharplibzip"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "sharplibzip is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://github.com/icsharpcode/SharpZipLib/issues/232" "refsource" : "MISC",
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}] },
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/issues/232",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/issues/232"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0"
}
]
} }
} }
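Review bot: The `affects` block still carries `"version_affected" : ">"` with `"version_value" : "0"`, while the new description limits the issue to "before 1.0 RC1", so the machine-readable range and the prose now disagree. A consumer matching on `version_data` would keep flagging fixed releases; if the description is right, the entry should read `"version_affected" : "<"` with `"version_value" : "1.0 RC1"`. The `product_name` and `vendor_name` value `sharplibzip` also differs from the `SharpZipLib` spelling used in the reference URLs of this section, which may defeat name-based matching; `"product_name" : "SharpZipLib"` would agree with them.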


@ -9,46 +9,73 @@
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data": [{ "vendor_data" : [
{
"product" : { "product" : {
"product_data": [{ "product_data" : [
{
"product_name" : "quazip", "product_name" : "quazip",
"version" : { "version" : {
"version_data": [{ "version_data" : [
{
"version_affected" : "<", "version_affected" : "<",
"version_value" : "0.7.6" "version_value" : "0.7.6"
}]
} }
}] ]
}
}
]
}, },
"vendor_name" : "quazip" "vendor_name" : "quazip"
}] }
]
} }
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data": [{ "description_data" : [
{
"lang" : "eng", "lang" : "eng",
"value": "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "value" : "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}] }
]
}, },
"problemtype" : { "problemtype" : {
"problemtype_data": [{ "problemtype_data" : [
"description": [{ {
"description" : [
{
"lang" : "eng", "lang" : "eng",
"value" : "CWE-22" "value" : "CWE-22"
}] }
}] ]
}
]
}, },
"references" : { "references" : {
"reference_data": [{ "reference_data" : [
"url": "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98" {
}, { "name" : "https://github.com/snyk/zip-slip-vulnerability",
"url": "https://snyk.io/research/zip-slip-vulnerability" "refsource" : "MISC",
}, {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "url" : "https://github.com/snyk/zip-slip-vulnerability"
}] },
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt"
},
{
"name" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98"
}
]
} }
} }