NotCVE - vendor:"Vmware" product:"Spring Integration Zip" version:"

3 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-22114

https://notcve.org/view.php?id=CVE-2021-22114

01 Mar 2021 — Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Aborda la corrección parcial en el CVE-2018-1263. Spring-integration-zip, versione... • https://tanzu.vmware.com/security/cve-2021-22114 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-1263

https://notcve.org/view.php?id=CVE-2018-1263

15 May 2018 — Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Aborda una solución incompleta en CVE-2018-1261. Pivotal spring-integration-zip... • https://github.com/sakib570/CVE-2018-1263-Demo • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1261

https://notcve.org/view.php?id=CVE-2018-1261

11 May 2018 — Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Spring-integration-zip en versiones anteriores a la 1.0.1 expone una vulnerabilidad de escritura de archivos arbitrarios que pued... • http://www.securityfocus.com/bid/104178 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •