CVE-2018-1002201
Published 2018-07-25
Priority P3 · 39 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:H / A:N
EPSS: 10.35% (95.1th percentile)
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jrebel | zt-zip | < 1.13 | 1.13 |
| zeroturnaround | zt-zip | >= unspecified < 1.13 | 1.13 |
CVSS provenance
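| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| vendor_redhat | | 5.5 | MEDIUM | |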
Red Hat
zt-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
vendor_redhat·2018-06-05·CVSS 5.5
CVE-2018-1002201 [MEDIUM] CWE-20 zt-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
Package: zt-zip (Red Hat BPM Suite 6) - Affected
Package: zt-zip (Red Hat JBoss BRMS 6) - Affected
GHSA
Improper Limitation of a Pathname to a Restricted Directory in zt-zip
ghsa·2022-05-13
CVE-2018-1002201 [MEDIUM] CWE-22 Improper Limitation of a Pathname to a Restricted Directory in zt-zip
OSV
Improper Limitation of a Pathname to a Restricted Directory in zt-zip
osv·2022-05-13
CVE-2018-1002201 [MEDIUM] Improper Limitation of a Pathname to a Restricted Directory in zt-zip
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1002201 zt-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
bugzilla·2018-05-30·CVSS 5.5
CVE-2018-1002201 [MEDIUM] CVE-2018-1002201 zt-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Of course, if an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. This affects multiple libraries that lack high-level APIs that
arXiv
How well does LLM generate security tests?
arxiv_fulltext·2023-10-03
## Abstract
Developers often build software on top of third-party libraries (Libs) to improve programmer productivity and software quality. The libraries may contain vulnerabilities exploitable by hackers to attack the applications (Apps) built on top of them. People refer to such attacks as supply chain attacks, the documented number of which has increased 742% in 2022. People created tools to mitigate such attacks, by scanning the library dependencies of Apps, identifying the usage of vulnerable library versions, and suggesting secure alternatives to vulnerable dependencies. However, recent studies show that many developers do not trust the reports by these tools; they ask for code or evidence to demonstrate how library vulnerabilities lead to
https://github.com/snyk/zip-slip-vulnerability
https://github.com/zeroturnaround/zt-zip/blob/zt-zip-1.13/Changelog.txt
https://github.com/zeroturnaround/zt-zip/commit/759b72f33bc8f4d69f84f09fcb7f010ad45d6fff
https://snyk.io/research/zip-slip-vulnerability
https://snyk.io/vuln/SNYK-JAVA-ORGZEROTURNAROUND-31681
Published: 2018-07-25