CVE-2018-1002204
published 2018-07-25CVE-2018-1002204: adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip…
PriorityP340medium5.5CVSS 3.1
AVLACLPRNUIRSUCNIHAN
EPSS
15.36%
96.4th percentile
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adm-zip_project | adm-zip | < 0.4.9 | 0.4.9 |
| adm-zip_project | adm-zip | >= 0 < 0.4.11 | 0.4.11 |
| node.js | adm-zip | >= unspecified < 0.4.9 | 0.4.9 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Arbitrary File Write in adm-zip
osv·2018-07-27
CVE-2018-1002204 [MEDIUM] Arbitrary File Write in adm-zip
Arbitrary File Write in adm-zip
Versions of `adm-zip` before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames (`../../file.txt` for example).
## Recommendation
Update to version 0.4.9 or later.
GHSA
Arbitrary File Write in adm-zip
ghsa·2018-07-27
CVE-2018-1002204 [MEDIUM] CWE-22 Arbitrary File Write in adm-zip
Arbitrary File Write in adm-zip
Versions of `adm-zip` before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames (`../../file.txt` for example).
## Recommendation
Update to version 0.4.9 or later.
Red Hat
nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
vendor_redhat·2015-01-08·CVSS 5.5
CVE-2018-1002204 [MEDIUM] CWE-20 nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Statement: While Red Hat Mobile Application Platform (RHMAP) does include the vulnerable library, it does not use the vulnerable methods extract* fixed in the library, [1]. RHMAP upgrade the vulnerable library in a future version.
Red Hat Quay includes adm-zip as a dependency of protractor which is only used at build time. The vulnerable library is not used at runtime meaning this has a low impact on Red Hat Quay.
[1] https://gi
No detection rules found.
No public exploits indexed.
HackerOne
Arbitrary File Write Through Archive Extraction
hackerone·2018-08-12·CVSS 8.2
[HIGH] Arbitrary File Write Through Archive Extraction
Arbitrary File Write Through Archive Extraction
I would like to report arbitrary file write vulnerability in adm-zip module
It allows attackers to write arbitrary files when a malicious archive is extracted.
More info here:
https://snyk.io/research/zip-slip-vulnerability
https://github.com/snyk/zip-slip-vulnerability#affected-libraries
# Module
**module name:** adm-zip
**version:** Replace stats below with numbers from npm’s module page:
1.5M downloads in the last week
# Vulnerability
## Vulnerability Description
The vulnerability is a form of directory traversal that can be exploited by extracting files from an archive. The premise of the directory traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they shou
Bugzilla
CVE-2018-1002204 nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
bugzilla·2018-05-30·CVSS 5.5
CVE-2018-1002204 [MEDIUM] CVE-2018-1002204 nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
CVE-2018-1002204 nodejs-adm-zip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar,xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Of course if an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. This affects multiple libraries that lacks of a high level A
http://www.securityfocus.com/bid/107001https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25https://github.com/cthackers/adm-zip/pull/212https://github.com/snyk/zip-slip-vulnerabilityhttps://snyk.io/research/zip-slip-vulnerabilityhttps://snyk.io/vuln/npm:adm-zip:20180415http://www.securityfocus.com/bid/107001https://github.com/cthackers/adm-zip/commit/62f64004fefb894c523a7143e8a88ebe6c84df25https://github.com/cthackers/adm-zip/pull/212https://github.com/snyk/zip-slip-vulnerabilityhttps://snyk.io/research/zip-slip-vulnerabilityhttps://snyk.io/vuln/npm:adm-zip:20180415
2018-07-25
Published