admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-25 13:06:12 -04:00
parent ebaee51c48
commit cb866a8d11
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 815 additions and 538 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
2018/1002xxx/CVE-2018-1002200.json
View File

@ -9,50 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "plexus-archiver",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "3.6.0"
}]
}
}]
]
}
}
]
},
"vendor_name" : "Codehaus"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/codehaus-plexus/plexus-archiver/pull/87"
}, {
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680"
},
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8"
}]
},
{
"name" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87",
"refsource" : "CONFIRM",
"url" : "https://github.com/codehaus-plexus/plexus-archiver/pull/87"
}
]
}
}

70
2018/1002xxx/CVE-2018-1002201.json
View File

@ -9,48 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "zt-zip",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.13"
}]
}
}]
]
}
}
]
},
"vendor_name" : "zeroturnaround"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}, {
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt"
},
{
"name" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff",
"refsource" : "CONFIRM",
"url" : "https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff"
}]
}
]
}
}

60
2018/1002xxx/CVE-2018-1002202.json
View File

@ -9,46 +9,68 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "zip4j",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.3.3"
}]
}
}]
]
}
}
]
},
"vendor_name" : "zip4j"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}]
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679"
}
]
}
}

72
2018/1002xxx/CVE-2018-1002203.json
View File

@ -9,50 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "unzipper",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.8.13"
}]
}
}]
]
}
}
]
},
"vendor_name" : "node.js"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/npm:unzipper:20180415"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/ZJONSSON/node-unzipper/pull/59"
}, {
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:unzipper:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:unzipper:20180415"
},
{
"name" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/commit/2220ddd5b58f6252069a4f99f9475441ad0b50cd"
}]
},
{
"name" : "https://github.com/ZJONSSON/node-unzipper/pull/59",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZJONSSON/node-unzipper/pull/59"
}
]
}
}

72
2018/1002xxx/CVE-2018-1002204.json
View File

@ -9,50 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "adm-zip",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.4.9"
}]
}
}]
]
}
}
]
},
"vendor_name" : "node.js"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/npm:adm-zip:20180415"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/cthackers/adm-zip/pull/212"
}, {
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/npm:adm-zip:20180415",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/npm:adm-zip:20180415"
},
{
"name" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25"
}]
},
{
"name" : "https://github.com/cthackers/adm-zip/pull/212",
"refsource" : "CONFIRM",
"url" : "https://github.com/cthackers/adm-zip/pull/212"
}
]
}
}

72
2018/1002xxx/CVE-2018-1002205.json
View File

@ -9,50 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "DotNetZip.Semvered",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.11.0"
}]
}
}]
]
}
}
]
},
"vendor_name" : "DotNetZip"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/haf/DotNetZip.Semverd/pull/121"
}, {
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-DOTNETZIP-60245"
},
{
"name" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/commit/55d2c13c0cc64654e18fcdd0038fdb3d7458e366"
}]
},
{
"name" : "https://github.com/haf/DotNetZip.Semverd/pull/121",
"refsource" : "CONFIRM",
"url" : "https://github.com/haf/DotNetZip.Semverd/pull/121"
}
]
}
}

72
2018/1002xxx/CVE-2018-1002206.json
View File

@ -9,50 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "SharpCompress",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.21.0"
}]
}
}]
]
}
}
]
},
"vendor_name" : "SharpCompress"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/adamhathcock/sharpcompress/pull/374"
}, {
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPCOMPRESS-60246"
},
{
"name" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/commit/42b1205fb435de523e6ef8ac5b7bafbe712997f6"
}]
},
{
"name" : "https://github.com/adamhathcock/sharpcompress/pull/374",
"refsource" : "CONFIRM",
"url" : "https://github.com/adamhathcock/sharpcompress/pull/374"
}
]
}
}

72
2018/1002xxx/CVE-2018-1002207.json
View File

@ -9,50 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "archiver",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}]
}
}]
]
}
}
]
},
"vendor_name" : "golang"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}, {
"url": "https://github.com/mholt/archiver/pull/65"
}, {
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
},
{
"name" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
}]
},
{
"name" : "https://github.com/mholt/archiver/pull/65",
"refsource" : "CONFIRM",
"url" : "https://github.com/mholt/archiver/pull/65"
}
]
}
}

72
2018/1002xxx/CVE-2018-1002208.json
View File

@ -9,48 +9,78 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "sharplibzip",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : ">",
"version_value" : "0"
}]
}
}]
]
}
}
]
},
"vendor_name" : "sharplibzip"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "sharplibzip is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247"
}, {
"url": "https://github.com/icsharpcode/SharpZipLib/issues/232"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}]
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247",
"refsource" : "MISC",
"url" : "https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/issues/232",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/issues/232"
},
{
"name" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0",
"refsource" : "CONFIRM",
"url" : "https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0"
}
]
}
}

65
2018/1002xxx/CVE-2018-1002209.json
View File

@ -9,46 +9,73 @@
},
"affects" : {
"vendor" : {
"vendor_data": [{
"vendor_data" : [
{
"product" : {
"product_data": [{
"product_data" : [
{
"product_name" : "quazip",
"version" : {
"version_data": [{
"version_data" : [
{
"version_affected" : "<",
"version_value" : "0.7.6"
}]
}
}]
]
}
}
]
},
"vendor_name" : "quazip"
}]
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data": [{
"description_data" : [
{
"lang" : "eng",
"value": "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}]
"value" : "QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data": [{
"description": [{
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}]
}]
}
]
}
]
},
"references" : {
"reference_data": [{
"url": "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98"
}, {
"url": "https://snyk.io/research/zip-slip-vulnerability"
}, {
"reference_data" : [
{
"name" : "https://github.com/snyk/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://github.com/snyk/zip-slip-vulnerability"
}]
},
{
"name" : "https://snyk.io/research/zip-slip-vulnerability",
"refsource" : "MISC",
"url" : "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt"
},
{
"name" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98",
"refsource" : "CONFIRM",
"url" : "https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98"
}
]
}
}