CVE-2018-1263

CWE-22 — Path Traversal6 documents5 sources

Severity

4.7MEDIUM

EPSS

0.7%

top 27.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Spring Integration ZIP Pivotal Spring Integration ZIP

Timeline

PublishedMay 15

Latest updateMay 13

Description

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5pivotal/spring_integration_zipversions prior to 1.0.2

▶NVDvmware/spring_integration_zip< 1.0.2

▶Mavenorg.springframework.integration:spring-integration-zip< 1.0.2

▶CVEListV5spring_integration_zip_extensionspring-integration-zip versions prior to 1.0.4

🔴Vulnerability Details

GHSA

spring-integration-zip Arbitrary File Write↗2022-05-13

▶

OSV

spring-integration-zip Arbitrary File Write↗2022-05-13

▶

GHSA

Path Traversal in Spring-integration-zip↗2022-03-18

▶

CVEList

CVE-2018-1263: Addresses partial fix in CVE-2018-1261↗2018-05-15

▶

💥Exploits & PoCs

Exploit-DB

WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object↗2018-11-29

▶