CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-25046 – Path traversal in code.cloudfoundry.org/archiver
https://notcve.org/view.php?id=CVE-2018-25046
27 Dec 2022 — Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. • https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-29281
https://notcve.org/view.php?id=CVE-2021-29281
07 Jul 2022 — File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. Una vulnerabilidad en la carga de archivos en GFI Mail Archiver versiones hasta 15.1 incluyéndola, por medio de una implementación no segura del plugin Telerik Web UI, que está afectado por CVE-2014-2217, y CVE-2017-11317 • https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-10743
https://notcve.org/view.php?id=CVE-2019-10743
28 Oct 2019 — All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. • https://github.com/mholt/archiver/pull/169 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 11%CPEs: 1EXPL: 4CVE-2018-1002207
https://notcve.org/view.php?id=CVE-2018-1002207
25 Jul 2018 — mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. El paquete mholt/archiver golang en versiones anteriores a la e4ef56d48eb029648b0e895bb0b6a393ef0829c3 es vulnerable a un salto de directorio, lo que permite que los atacantes escriban en archivos arbitrarios mediante... • https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •