In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
21 Nov 2024, 03:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2019/Mar/49 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/104423 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1041048 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2019:2097 - | |
References | () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 - Exploit, Mailing List, Third Party Advisory | |
References | () https://seclists.org/bugtraq/2019/Mar/42 - Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20180927-0001/ - Patch, Third Party Advisory | |
References | () https://support.apple.com/kb/HT209600 - Third Party Advisory | |
References | () https://usn.ubuntu.com/3684-1/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/3684-2/ - Third Party Advisory | |
References | () https://www.debian.org/security/2018/dsa-4226 - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2020.html - |
Information
Published : 2018-06-07 13:29
Updated : 2024-11-21 03:44
NVD link : CVE-2018-12015
Mitre link : CVE-2018-12015
CVE.ORG link : CVE-2018-12015
JSON object : View
Products Affected
archive\
- \
canonical
- ubuntu_linux
netapp
- data_ontap_edge
- snap_creator_framework
- snapdrive
- oncommand_workflow_automation
perl
- perl
apple
- mac_os_x
debian
- debian_linux
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')