CVE-2018-10862 – org.wildfly.core:wildfly-server
Package
Manager: maven
Name: org.wildfly.core:wildfly-server
Vulnerable Version: >=0 <6.0.0.alpha3
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00325 (percentile: 0.54879)
Details
Improper Limitation of a Pathname to a Restricted Directory in WildFly
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
Metadata
Created: 2022-05-14T01:06:25Z
Modified: 2022-06-29T23:30:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w8r2-5j8x-x8j6/GHSA-w8r2-5j8x-x8j6.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-w8r2-5j8x-x8j6
Finding: F063
Auto approve: 1