CVE-2024-0406
Mholt/archiver: path traversal vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
Se descubrió una falla en el paquete mholt/archiver. Esta falla permite a un atacante crear un archivo tar especialmente manipulado que, cuando se descomprime, puede permitir el acceso a archivos o directorios restringidos. Este problema puede permitir la creación o sobrescritura de archivos con los privilegios del usuario o de la aplicación usando la librería.
Red Hat OpenShift Container Platform release 4.18.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a traversal vulnerability.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-10 CVE Reserved
- 2024-04-06 CVE Published
- 2025-03-11 CVE Updated
- 2025-03-12 First Exploit
- 2025-03-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/walidpyh/CVE-2024-0406-POC | 2025-03-12 | |
| https://github.com/veissa/Desires | 2025-03-29 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-0406 | 2024-04-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2257749 | 2024-04-08 | |
| https://access.redhat.com/errata/RHSA-2025:2449 | 2025-03-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Advanced Cluster Security Search vendor "Redhat" for product "Advanced Cluster Security" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | * | - |
Affected
| ||||||