← voltar
CVE-2018-10860

CVE-2018-10860

CVSS 5.4 MEDIUMEPSS 48.7%CWE-22
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Produtos afetados
[UNKNOWN] · perl-archive-zip

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860https://lists.debian.org/debian-lts-announce/2018/07/msg00032.htmlhttps://usn.ubuntu.com/3703-1/https://usn.ubuntu.com/3703-2/https://www.debian.org/security/2018/dsa-4300http://www.securityfocus.com/bid/104580