Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-1002207

UNKNOWN
Published 2018-07-25T17:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-1002207. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

golang

archiver

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Arbitrary File Write via Archive Extraction in mholt/archiver

GHSA-5wmg-j84w-4jj4

Advisory Details

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Affected Packages

Go github.com/mholt/archiver
ECOSYSTEM: ≥0 <2.1.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1002207
WEB https://github.com/mholt/archiver/pull/65
WEB https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3
PACKAGE https://github.com/mholt/archiver
WEB https://github.com/snyk/zip-slip-vulnerability
WEB https://snyk.io/research/zip-slip-vulnerability
WEB https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071

Advisory provided by GitHub Security Advisory Database. Published: February 15, 2022, Modified: July 16, 2022

References

https://snyk.io/research/zip-slip-vulnerability
https://github.com/snyk/zip-slip-vulnerability
https://github.com/mholt/archiver/pull/65
https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071
Published: 2018-07-25T17:00:00Z
Last Modified: 2024-09-16T23:35:55.371Z
Copied to clipboard!