OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
References
Link | Resource |
---|---|
https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md#version-320-2018-05-21 | Release Notes |
https://github.com/snyk/zip-slip-vulnerability | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:07
Updated: 2022-10-03T16:22:07
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-12036
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-07T18:29:00.207
Modified: 2018-07-27T14:49:17.107
Link: CVE-2018-12036
JSON object: View
Redhat Information
No data.