An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.
References
Link | Resource |
---|---|
https://blog.ostorlab.co/zip-packages-exploitation.html | Exploit |
https://github.com/weichsel/ZIPFoundation/issues/282 | Issue Tracking |
https://ostorlab.co/vulndb/advisory/OVE-2023-4 | Exploit |
https://ostorlab.co/vulndb/advisory/OVE-2023-6 | Exploit |
Configurations
History
05 Sep 2023, 19:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-22 | |
First Time |
Peakstep zipfoundation
Peakstep |
|
CPE | cpe:2.3:a:peakstep:zipfoundation:0.9.16:*:*:*:*:*:*:* | |
References | (MISC) https://ostorlab.co/vulndb/advisory/OVE-2023-4 - Exploit | |
References | (MISC) https://ostorlab.co/vulndb/advisory/OVE-2023-6 - Exploit | |
References | (MISC) https://blog.ostorlab.co/zip-packages-exploitation.html - Exploit | |
References | (MISC) https://github.com/weichsel/ZIPFoundation/issues/282 - Issue Tracking |
30 Aug 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-30 22:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-39138
Mitre link : CVE-2023-39138
CVE.ORG link : CVE-2023-39138
JSON object : View
Products Affected
peakstep
- zipfoundation
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')