Vulnerability Description
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scala-Sbt | Io | >= 1.0.0, < 1.9.7 |
| Scala-Sbt | Sbt | >= 0.3.4, < 1.9.7 |
Related Weaknesses (CWE)
References
- https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188aPatch
- https://github.com/sbt/io/issues/358Issue TrackingPatch
- https://github.com/sbt/io/pull/360Patch
- https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhfExploitPatchThird Party Advisory
- https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188aPatch
- https://github.com/sbt/io/issues/358Issue TrackingPatch
- https://github.com/sbt/io/pull/360Patch
- https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhfExploitPatchThird Party Advisory
FAQ
What is CVE-2023-46122?
CVE-2023-46122 is a vulnerability with a CVSS score of 3.9 (LOW). sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_k...
How severe is CVE-2023-46122?
CVE-2023-46122 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46122?
Check the references section above for vendor advisories and patch information. Affected products include: Scala-Sbt Io, Scala-Sbt Sbt.