snyk/zip-slip-vulnerability

GitHub

github.com

snyk.io

Releases0

Stars840

Zip Slip Vulnerability (Arbitrary file write through archive extraction)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-1002207 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	—	4.3 MEDIUM
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002208 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	5.5 MEDIUM	4.3 MEDIUM
SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002209 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	—	4.3 MEDIUM
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002203 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	—	4.3 MEDIUM
unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002204 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	5.5 MEDIUM	4.3 MEDIUM
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002205 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	5.5 MEDIUM	4.3 MEDIUM
DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002206 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	—	4.3 MEDIUM
SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002200 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	—	4.3 MEDIUM
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002201 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	5.5 MEDIUM	5.8 MEDIUM
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1002202 ↗	Jul 25, 2018Wednesday, 25 July 2018, 17:29	—	5.8 MEDIUM
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-12036 ↗	Jun 7, 2018Thursday, 7 June 2018, 18:29	—	6.8 MEDIUM
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.