CVE-2018-10860 – Debian Security Advisory 4300-1

https://notcve.org/view.php?id=CVE-2018-10860

29 Jun 2018 — perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. perl-archive-zip es vulnerable a salto de directorio en Archive::Zip. Se ha descubierto que el módulo Archivo::Zip no saneaba correctamente las rutas cuando se extraían... • http://www.securityfocus.com/bid/104580 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •