CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-25046 – Path traversal in code.cloudfoundry.org/archiver
https://notcve.org/view.php?id=CVE-2018-25046
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. • https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840 https://pkg.go.dev/vuln/GO-2020-0025 https://snyk.io/research/zip-slip-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 2CVE-2021-29281
https://notcve.org/view.php?id=CVE-2021-29281
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. Una vulnerabilidad en la carga de archivos en GFI Mail Archiver versiones hasta 15.1 incluyéndola, por medio de una implementación no segura del plugin Telerik Web UI, que está afectado por CVE-2014-2217, y CVE-2017-11317 • https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit https://cwe.mitre.org/data/definitions/434.html https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload https://www.exploit-db.com/exploits/50181 https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-archiver • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10743
https://notcve.org/view.php?id=CVE-2019-10743
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. • https://github.com/mholt/archiver/pull/169 https://snyk.io/research/zip-slip-vulnerability https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728%2C • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 4CVE-2018-1002207
https://notcve.org/view.php?id=CVE-2018-1002207
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. El paquete mholt/archiver golang en versiones anteriores a la e4ef56d48eb029648b0e895bb0b6a393ef0829c3 es vulnerable a un salto de directorio, lo que permite que los atacantes escriban en archivos arbitrarios mediante un ../ (punto punto barra) en una entrada de archivo que se gestiona de manera incorrecta durante la extracción. Esta vulnerabilidad también se conoce como "Zip-Slip". • https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3 https://github.com/mholt/archiver/pull/65 https://github.com/snyk/zip-slip-vulnerability https://snyk.io/research/zip-slip-vulnerability https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •