Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS13OHIyLTVqOHgteDhqNs4AATig

Improper Limitation of a Pathname to a Restricted Directory in WildFly

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Permalink: https://github.com/advisories/GHSA-w8r2-5j8x-x8j6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OHIyLTVqOHgteDhqNs4AATig
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago

CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-w8r2-5j8x-x8j6, CVE-2018-10862
References:

• https://nvd.nist.gov/vuln/detail/CVE-2018-10862
• https://access.redhat.com/errata/RHSA-2018:2276
• https://access.redhat.com/errata/RHSA-2018:2277
• https://access.redhat.com/errata/RHSA-2018:2279
• https://access.redhat.com/errata/RHSA-2018:2423
• https://access.redhat.com/errata/RHSA-2018:2424
• https://access.redhat.com/errata/RHSA-2018:2425
• https://access.redhat.com/errata/RHSA-2018:2428
• https://access.redhat.com/errata/RHSA-2018:2643
• https://access.redhat.com/errata/RHSA-2019:0877
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862
• https://snyk.io/research/zip-slip-vulnerability
• https://github.com/advisories/GHSA-w8r2-5j8x-x8j6

Blast Radius: 12.9

Affected Packages