Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zMnFoLTh2ZzYtOWc0M84AAwop
Cloud Foundry Archiver vulnerable to path traversal
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Permalink: https://github.com/advisories/GHSA-32qh-8vg6-9g43
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zMnFoLTh2ZzYtOWc0M84AAwop
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Identifiers: GHSA-32qh-8vg6-9g43, CVE-2018-25046
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-25046
- https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
- https://pkg.go.dev/vuln/GO-2020-0025
- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/advisories/GHSA-32qh-8vg6-9g43
Blast Radius: 13.6
Affected Packages
go:code.cloudfoundry.org/archiver
Dependent packages: 10
Dependent repositories: 31
Downloads:
Affected Version Ranges: < 0.0.0-20180523222229-09b5706aa936
Fixed in: 0.0.0-20180523222229-09b5706aa936
All affected versions:
All unaffected versions:
go:github.com/cloudfoundry/archiver
Dependent packages: 1
Dependent repositories: 1
Downloads:
Affected Version Ranges: < 0.0.0-20180523222229-09b5706aa936
Fixed in: 0.0.0-20180523222229-09b5706aa936
All affected versions:
All unaffected versions: