CVE-2018-1002200
Published 2018-07-25
CVE-2018-1002200: plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry…
Priority P3 · 40 · medium · 5.5 CVSS 3.0
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 13.18% (95.9th percentile)
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codehaus-plexus | plexus-archiver | < 3.6.0 | 3.6.0 |
| codehaus-plexus | plexus-archiver | >= 0 < 3.6.0-1 | 3.6.0-1 |
| codehaus-plexus | plexus-archiver | >= 0 < 3.6.0-1 | 3.6.0-1 |
| codehaus-plexus | plexus-archiver | >= 0 < 3.6.0-1 | 3.6.0-1 |
| codehaus-plexus | plexus-archiver | >= 0 < 3.6.0-1 | 3.6.0-1 |
| codehaus | plexus-archiver | >= unspecified < 3.6.0 | 3.6.0 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | plexus-archiver | < plexus-archiver 3.6.0-1 (bookworm) | plexus-archiver 3.6.0-1 (bookworm) |
| github.com | zarf-dev_zarf_src_pkg_archive | >= 0.54.0 < 0.73.1 | 0.73.1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
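| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |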
Ubuntu
Plexus Archiver vulnerability
vendor_ubuntu·2021-03-15
Title: Plexus Archiver vulnerability
Summary: Plexus Archiver could be made to overwrite files if it received a specially
crafted Zip file.
It was discovered that Plexus Archiver incorrectly handled directory
traversal during extraction. An attacker could possibly use this for a
Zip-Slip attack.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
vendor_redhat·2018-06-05·CVSS 5.5
CVE-2018-1002200 [MEDIUM] CWE-22 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vulnerable configurations.
Package: plexus-archiver (JBoss Developer Studio 9) - Not affected
Package: plexus-archiver (Red Hat Enterprise
Debian
CVE-2018-1002200: plexus-archiver - plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing atta...
vendor_debian·2018·CVSS 5.5
CVE-2018-1002200 [MEDIUM] CVE-2018-1002200: plexus-archiver - plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing atta...
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Scope: local
bookworm: resolved (fixed in 3.6.0-1)
bullseye: resolved (fixed in 3.6.0-1)
forky: resolved (fixed in 3.6.0-1)
sid: resolved (fixed in 3.6.0-1)
trixie: resolved (fixed in 3.6.0-1)
OSV
Zarf's symlink targets in archives are not validated against destination directory
osv·2026-03-06
CVE-2026-29064 [HIGH] Zarf's symlink targets in archives are not validated against destination directory
### Summary
A path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package.
### What users should do
Upgrade immediately to version v0.73.1
If developers cannot upgrade immediately, only process Zarf packages from fully trusted sources until the fix is applied.
If using trusted packages and archives - the only impact to this is updating zarf binary or SDK package versions. Previously created packages do not need to be rebuilt.
### Who is affected
- Any user of affected Zarf versions who processes packages from untrusted or semi-trust
GHSA
Zarf's symlink targets in archives are not validated against destination directory
ghsa·2026-03-06
CVE-2026-29064 [HIGH] CWE-22 Zarf's symlink targets in archives are not validated against destination directory
### Summary
A path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package.
### What users should do
Upgrade immediately to version v0.73.1
If developers cannot upgrade immediately, only process Zarf packages from fully trusted sources until the fix is applied.
If using trusted packages and archives - the only impact to this is updating zarf binary or SDK package versions. Previously created packages do not need to be rebuilt.
### Who is affected
- Any user of affected Zarf versions who processes packages from untrusted or semi-trust
GHSA
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
ghsa·2022-05-13
CVE-2018-1002200 [MEDIUM] CWE-22 Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
OSV
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
osv·2022-05-13
CVE-2018-1002200 [MEDIUM] Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
OSV
CVE-2018-1002200: plexus-archiver before 3
osv·2018-07-25·CVSS 5.5
CVE-2018-1002200 [MEDIUM] CVE-2018-1002200: plexus-archiver before 3
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
No detection rules found.
No public exploits indexed.
arXiv
How well does LLM generate security tests?
arxiv_fulltext·2023-10-03
## Abstract
Developers often build software on top of third-party libraries (Libs) to improve programmer productivity and software quality. The libraries may contain vulnerabilities exploitable by hackers to attack the applications (Apps) built on top of them. People refer to such attacks as supply chain attacks, the documented number of which has increased 742% in 2022. People created tools to mitigate such attacks, by scanning the library dependencies of Apps, identifying the usage of vulnerable library versions, and suggesting secure alternatives to vulnerable dependencies. However, recent studies show that many developers do not trust the reports by these tools; they ask for code or evidence to demonstrate how library vulnerabilities lead to
Bugzilla
CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-28]
bugzilla·2018-06-06·CVSS 5.5
CVE-2018-1002200 [MEDIUM] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-28]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-28.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commi
Bugzilla
CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-27]
bugzilla·2018-06-06·CVSS 5.5
CVE-2018-1002200 [MEDIUM] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-27]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-27.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commi
Bugzilla
CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
bugzilla·2018-05-30·CVSS 5.5
CVE-2018-1002200 [MEDIUM] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Of course if an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. This affects multiple libraries that lacks of a high level
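The containment check that the Bugzilla description above calls for, shown beside the naive join, as an added Java example (not code from plexus-archiver or from any of the advisories). The class name, method names, destination path and entry names are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

public class ZipSlipCheck {

    // Naive form: the entry name is joined to the destination and used as-is,
    // so "../" segments in the name decide where the file is written.
    static Path naiveTarget(Path destDir, String entryName) {
        return destDir.resolve(entryName);
    }

    // Checked form: normalise the joined path and require that it still lies
    // under destDir. Path.startsWith compares whole components, so
    // "/srv/unpack-old" does not count as inside "/srv/unpack".
    // normalize() is purely lexical; it does not follow symlinks on disk.
    static Path safeTarget(Path destDir, String entryName) throws IOException {
        Path root = destDir.toAbsolutePath().normalize();
        Path target = root.resolve(entryName).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("entry escapes destination: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path dest = Paths.get("/srv/unpack");      // constructed destination
        List<String> entryNames = List.of(         // constructed entry names
                "docs/readme.txt",
                "docs/../notes.txt",
                "../unpack-old/a.txt",
                "../../etc/app.conf",
                "/etc/app.conf");
        for (String name : entryNames) {
            Path naive = naiveTarget(dest, name).normalize();
            try {
                System.out.printf("%-22s accept -> %s%n", name, safeTarget(dest, name));
            } catch (IOException e) {
                System.out.printf("%-22s reject (naive join gives %s)%n", name, naive);
            }
        }
    }
}
```

An extractor would call the checked method for every entry before opening any output stream and abort the whole archive on the first rejection.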
- https://access.redhat.com/errata/RHSA-2018:1836
- https://access.redhat.com/errata/RHSA-2018:1837
- https://github.com/codehaus-plexus/plexus-archiver/commit/f8f4233508193b70df33759ae9dc6154d69c2ea8
- https://github.com/codehaus-plexus/plexus-archiver/pull/87
- https://github.com/snyk/zip-slip-vulnerability
- https://snyk.io/research/zip-slip-vulnerability
- https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680
- https://www.debian.org/security/2018/dsa-4227
2018-07-25
Published