CVE-2020-36628
Calsign APDE ZIP File CopyBuildTask.java handleExtract path traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747.
Una vulnerabilidad ha sido encontrada en Calsign APDE y clasificada como crítica. Esto afecta a la función handleExtract del archivo APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java del componente ZIP File Handler. La manipulación conduce a path traversal. La actualización a la versión 0.5.2-pre2-alpha puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-216747.
Es wurde eine Schwachstelle in Calsign APDE entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion handleExtract der Datei APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java der Komponente ZIP File Handler. Durch die Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 0.5.2-pre2-alpha vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-12-24 CVE Reserved
- 2022-12-25 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/Calsign/APDE/releases/tag/v0.5.2-pre2-alpha | Mitigation | |
https://vuldb.com/?id.216747 | Technical Description |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/Calsign/APDE/commit/c6d64cbe465348c1bfd211122d89e3117afadecf | 2024-05-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Android Processing Development Environment Project Search vendor "Android Processing Development Environment Project" | Android Processing Development Environment Search vendor "Android Processing Development Environment Project" for product "Android Processing Development Environment" | < 0.5.2 Search vendor "Android Processing Development Environment Project" for product "Android Processing Development Environment" and version " < 0.5.2" | android |
Affected
| ||||||
Android Processing Development Environment Project Search vendor "Android Processing Development Environment Project" | Android Processing Development Environment Search vendor "Android Processing Development Environment Project" for product "Android Processing Development Environment" | 0.5.2 Search vendor "Android Processing Development Environment Project" for product "Android Processing Development Environment" and version "0.5.2" | pre1_alpha, android |
Affected
|