Vulnerabilities (CVE)

Filtered by vendor Perl-archive-zip Project Subscribe
Filtered by product Perl-archive-zip
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10860 3 Canonical, Debian, Perl-archive-zip Project 3 Ubuntu Linux, Debian Linux, Perl-archive-zip 2024-11-21 6.4 MEDIUM 5.4 MEDIUM
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.