admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-25 13:06:12 -04:00
parent ebaee51c48
commit cb866a8d11
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 815 additions and 538 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
2018/1002xxx/CVE-2018-1002200.json
View File

@ -1,58 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002200", "ID" : "CVE-2018-1002200",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "plexus-archiver", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "plexus-archiver",
"version_affected": "<", "version" : {
"version_value": "3.6.0" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "3.6.0"
}
]
} }
}] }
}, ]
"vendor_name": "Codehaus" },
}] "vendor_name" : "Codehaus"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/codehaus-plexus/plexus-archiver/pull/87" "references" : {
}, { "reference_data" : [
"url": "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8" {
}] "name" : "https://github.com/snyk/zip-slip-vulnerability",
} "refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680"
},
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8"
},
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87"
}
]
}
} }

136
2018/1002xxx/CVE-2018-1002201.json
View File

@ -1,56 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002201", "ID" : "CVE-2018-1002201",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "zt-zip", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "zt-zip",
"version_affected": "<", "version" : {
"version_value": "1.13" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "1.13"
}
]
} }
}] }
}, ]
"vendor_name": "zeroturnaround" },
}] "vendor_name" : "zeroturnaround"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff" "references" : {
}] "reference_data" : [
} {
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff"
}
]
}
} }

124
2018/1002xxx/CVE-2018-1002202.json
View File

@ -1,54 +1,76 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002202", "ID" : "CVE-2018-1002202",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "zip4j", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "zip4j",
"version_affected": "<", "version" : {
"version_value": "1.3.3" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "1.3.3"
}
]
} }
}] }
}, ]
"vendor_name": "zip4j" },
}] "vendor_name" : "zip4j"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}] },
} "references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679"
}
]
}
} }

138
2018/1002xxx/CVE-2018-1002203.json
View File

@ -1,58 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002203", "ID" : "CVE-2018-1002203",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "unzipper", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "unzipper",
"version_affected": "<", "version" : {
"version_value": "0.8.13" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "0.8.13"
}
]
} }
}] }
}, ]
"vendor_name": "node.js" },
}] "vendor_name" : "node.js"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/npm:unzipper:20180415" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/ZJONSSON/node-unzipper/pull/59" "references" : {
}, { "reference_data" : [
"url": "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd" {
}] "name" : "https://github.com/snyk/zip-slip-vulnerability",
} "refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:unzipper:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:unzipper:20180415"
},
{
"name" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd"
},
{
"name" : "https://github.com/ZJONSSON/node-unzipper/pull/59",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/pull/59"
}
]
}
} }

138
2018/1002xxx/CVE-2018-1002204.json
View File

@ -1,58 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002204", "ID" : "CVE-2018-1002204",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "adm-zip", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "adm-zip",
"version_affected": "<", "version" : {
"version_value": "0.4.9" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "0.4.9"
}
]
} }
}] }
}, ]
"vendor_name": "node.js" },
}] "vendor_name" : "node.js"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/npm:adm-zip:20180415" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/cthackers/adm-zip/pull/212" "references" : {
}, { "reference_data" : [
"url": "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25" {
}] "name" : "https://github.com/snyk/zip-slip-vulnerability",
} "refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:adm-zip:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:adm-zip:20180415"
},
{
"name" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25"
},
{
"name" : "https://github.com/cthackers/adm-zip/pull/212",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/pull/212"
}
]
}
} }

138
2018/1002xxx/CVE-2018-1002205.json
View File

@ -1,58 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002205", "ID" : "CVE-2018-1002205",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "DotNetZip.Semvered", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "DotNetZip.Semvered",
"version_affected": "<", "version" : {
"version_value": "1.11.0" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "1.11.0"
}
]
} }
}] }
}, ]
"vendor_name": "DotNetZip" },
}] "vendor_name" : "DotNetZip"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/haf/DotNetZip.Semverd/pull/121" "references" : {
}, { "reference_data" : [
"url": "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366" {
}] "name" : "https://github.com/snyk/zip-slip-vulnerability",
} "refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
},
{
"name" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
},
{
"name" : "https://github.com/haf/DotNetZip.Semverd/pull/121",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/pull/121"
}
]
}
} }

138
2018/1002xxx/CVE-2018-1002206.json
View File

@ -1,58 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002206", "ID" : "CVE-2018-1002206",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "SharpCompress", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "SharpCompress",
"version_affected": "<", "version" : {
"version_value": "0.21.0" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "0.21.0"
}
]
} }
}] }
}, ]
"vendor_name": "SharpCompress" },
}] "vendor_name" : "SharpCompress"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/adamhathcock/sharpcompress/pull/374" "references" : {
}, { "reference_data" : [
"url": "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6" {
}] "name" : "https://github.com/snyk/zip-slip-vulnerability",
} "refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246"
},
{
"name" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6"
},
{
"name" : "https://github.com/adamhathcock/sharpcompress/pull/374",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/pull/374"
}
]
}
} }

138
2018/1002xxx/CVE-2018-1002207.json
View File

@ -1,58 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002207", "ID" : "CVE-2018-1002207",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-05-17T10:52Z" "UPDATED" : "2018-05-17T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "archiver", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "archiver",
"version_affected": "<", "version" : {
"version_value": "e4ef56d48eb029648b0e895bb0b6a393ef0829c3" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}
]
} }
}] }
}, ]
"vendor_name": "golang" },
}] "vendor_name" : "golang"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/mholt/archiver/pull/65" "references" : {
}, { "reference_data" : [
"url": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3" {
}] "name" : "https://github.com/snyk/zip-slip-vulnerability",
} "refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
},
{
"name" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
},
{
"name" : "https://github.com/mholt/archiver/pull/65",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/pull/65"
}
]
}
} }

136
2018/1002xxx/CVE-2018-1002208.json
View File

@ -1,56 +1,86 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-05-17T10:52Z", "DATE_ASSIGNED" : "2018-05-17T10:52Z",
"ID": "CVE-2018-1002208", "ID" : "CVE-2018-1002208",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-06-11T10:52Z" "UPDATED" : "2018-06-11T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "sharplibzip", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "sharplibzip",
"version_affected": ">", "version" : {
"version_value": "0" "version_data" : [
}] {
"version_affected" : ">",
"version_value" : "0"
}
]
} }
}] }
}, ]
"vendor_name": "sharplibzip" },
}] "vendor_name" : "sharplibzip"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "sharplibzip is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247" "value" : "CWE-22"
}, { }
"url": "https://github.com/icsharpcode/SharpZipLib/issues/232" ]
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { },
"url": "https://github.com/snyk/zip-slip-vulnerability" "references" : {
}] "reference_data" : [
} {
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/issues/232",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/issues/232"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0"
}
]
}
} }

129
2018/1002xxx/CVE-2018-1002209.json
View File

@ -1,54 +1,81 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2018-06-14T10:52Z", "DATE_ASSIGNED" : "2018-06-14T10:52Z",
"ID": "CVE-2018-1002209", "ID" : "CVE-2018-1002209",
"REQUESTER": "danny@snyk.io", "REQUESTER" : "danny@snyk.io",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"UPDATED": "2018-06-14T10:52Z" "UPDATED" : "2018-06-14T10:52Z"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [{ "vendor_data" : [
"product": { {
"product_data": [{ "product" : {
"product_name": "quazip", "product_data" : [
"version": { {
"version_data": [{ "product_name" : "quazip",
"version_affected": "<", "version" : {
"version_value": "0.7.6" "version_data" : [
}] {
"version_affected" : "<",
"version_value" : "0.7.6"
}
]
} }
}] }
}, ]
"vendor_name": "quazip" },
}] "vendor_name" : "quazip"
} }
}, ]
"data_format": "MITRE", }
"data_type": "CVE", },
"data_version": "4.0", "data_format" : "MITRE",
"description": { "data_type" : "CVE",
"description_data": [{ "data_version" : "4.0",
"lang": "eng", "description" : {
"value": "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'." "description_data" : [
}] {
}, "lang" : "eng",
"problemtype": { "value" : "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
"problemtype_data": [{ }
"description": [{ ]
"lang": "eng", },
"value": "CWE-22" "problemtype" : {
}] "problemtype_data" : [
}] {
}, "description" : [
"references": { {
"reference_data": [{ "lang" : "eng",
"url": "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98" "value" : "CWE-22"
}, { }
"url": "https://snyk.io/research/zip-slip-vulnerability" ]
}, { }
"url": "https://github.com/snyk/zip-slip-vulnerability" ]
}] },
} "references" : {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt"
},
{
"name" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98"
}
]
}
} }