CVEs-PoC/2018/CVE-2018-1263.md at dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-07 17:36:58 +02:00

Files

T

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

POC

Reference

No PoCs from references.

Github

https://github.com/jpbprakash/vuln
https://github.com/mile9299/zip-slip-vulnerability
https://github.com/sakib570/CVE-2018-1263-Demo
https://github.com/snyk/zip-slip-vulnerability

1.0 KiB Raw Blame History

CVE-2018-1263

Description

POC

Reference

Github

1.0 KiB

Raw Blame History