Vulnerabilities (CVE)

Filtered by vendor Alibabagroup Subscribe
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25842 1 Alibabagroup 1 One-java-agent 2024-02-28 7.5 HIGH 9.8 CRITICAL
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.