CVE-2018-25046 – github.com/cloudfoundry/archiver
Package
Manager: go
Name: github.com/cloudfoundry/archiver
Vulnerable Version: >=0 <0.0.0-20180523222229-09b5706aa936
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00231 (percentile: 0.45846)
Details
Cloud Foundry Archiver vulnerable to path traversal. Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
Metadata
Created: 2022-12-28T00:30:23Z
Modified: 2023-01-10T15:59:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-32qh-8vg6-9g43/GHSA-32qh-8vg6-9g43.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-32qh-8vg6-9g43
Finding: F063
Auto approve: 1