Vulnerability Description
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
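The containment check that an extractor needs before writing each entry, shown beside the unsafe join. This is an added example, not code from the cloudfoundry/archiver project or its patch; `naiveJoin`, `safeJoin`, `ErrOutsideTarget`, the `/tmp/extract` directory and the entry names are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideTarget is returned when an entry would resolve outside destDir.
var ErrOutsideTarget = errors.New("archive entry escapes target directory")

// naiveJoin (hypothetical) shows the unsafe pattern: the entry name is
// trusted as-is, so ".." segments walk out of destDir when the path is cleaned.
func naiveJoin(destDir, entryName string) string {
	return filepath.Join(destDir, entryName)
}

// safeJoin (hypothetical) resolves entryName under destDir and rejects any
// result that is not destDir itself or a descendant of it. Comparing the
// relative path avoids the prefix pitfall where "/tmp/extract-old" would
// pass a plain string-prefix test against "/tmp/extract".
func safeJoin(destDir, entryName string) (string, error) {
	base := filepath.Clean(destDir)
	target := filepath.Join(base, entryName) // Join also collapses ".." segments
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrOutsideTarget, entryName)
	}
	return target, nil
}

func main() {
	// Constructed entry names, as they might appear in archive headers.
	for _, name := range []string{"app/config.yml", "../../outside.txt", "a/../../b", "..data/ok"} {
		p, err := safeJoin("/tmp/extract", name)
		fmt.Printf("%-22q naive=%-30q safe=%q err=%v\n", name, naiveJoin("/tmp/extract", name), p, err)
	}
}
```

The check covers entry names only; symlink entries inside an archive need separate handling before their targets are written through.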
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudfoundry | Archiver | < 2018-05-23 |
Related Weaknesses (CWE)
References
- https://github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523 (Patch, Third Party Advisory)
- https://pkg.go.dev/vuln/GO-2020-0025 (Third Party Advisory)
- https://snyk.io/research/zip-slip-vulnerability (Technical Description, Third Party Advisory)
FAQ
What is CVE-2018-25046?
CVE-2018-25046 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
How severe is CVE-2018-25046?
CVE-2018-25046 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-25046?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudfoundry Archiver.