Home

CVE-2018-1002200

Description

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as Zip-Slip.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.901

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-1002200 are fixed in Codehaus-plexus-archiver 3.6.0Windows
Plexus-archiver security update (CESA-2018:1836) plexus-archiver-2.4.2-5.el7_5.noarch.rpmLinux
Plexus-archiver security update (CESA-2018:1836) plexus-archiver-javadoc-2.4.2-5.el7_5.noarch.rpmLinux
(RHSA-2018:1836) Important: plexus-archiver security update plexus-archiver-2.4.2-5.el7_5.noarch.rpmLinux
(RHSA-2018:1836) Important: plexus-archiver security update plexus-archiver-javadoc-2.4.2-5.el7_5.noarch.rpmLinux
Plexus-archiver update (ELSA-2018-1836) plexus-archiver-2.4.2-5.el7_5.noarch.rpmLinux
Plexus-archiver-javadoc update (ELSA-2018-1836) plexus-archiver-javadoc-2.4.2-5.el7_5.noarch.rpmLinux
plexus-archiver Security Update (ALAS-2018-1043) plexus-archiver-2.4.2-5.amzn2.noarch.rpmLinux
plexus-archiver Security Update (ALAS-2018-1043) plexus-archiver-javadoc-2.4.2-5.amzn2.noarch.rpmLinux
Vulnerabilities CVE-2018-1002200 are fixed in Codehaus-plexus-archiver for Linux 3.6.0Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234