CVE-2018-10862
MEDIUM5.5EPSS 0.30%Improper Limitation of a Pathname to a Restricted Directory in WildFly
發布日:2022/5/14修改日:2023/11/8
描述
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
受影響套件(1)
- Maven/org.wildfly.core:wildfly-serverfrom 0, < 6.0.0.Alpha3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
參考連結(12)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-10862
- WEBhttps://access.redhat.com/errata/RHSA-2018:2276
- WEBhttps://access.redhat.com/errata/RHSA-2018:2277
- WEBhttps://access.redhat.com/errata/RHSA-2018:2279
- WEBhttps://access.redhat.com/errata/RHSA-2018:2423
- WEBhttps://access.redhat.com/errata/RHSA-2018:2424
- WEBhttps://access.redhat.com/errata/RHSA-2018:2425
- WEBhttps://access.redhat.com/errata/RHSA-2018:2428
- WEBhttps://access.redhat.com/errata/RHSA-2018:2643
- WEBhttps://access.redhat.com/errata/RHSA-2019:0877
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862
- WEBhttps://snyk.io/research/zip-slip-vulnerability