To support the growing demands of open source security, OSS Index will migrate to Sonatype Guide on 04/28. To learn more about how to prepare for this transition, click here.

Vulnerability

CVE-2023-39138

Report advisory or correction

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

References

https://github.com/weichsel/ZIPFoundation/issues/281

https://github.com/weichsel/ZIPFoundation/issues/282

https://github.com/weichsel/ZIPFoundation/issues/284

https://github.com/weichsel/ZIPFoundation/issues/303

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39138

[CVE-2023-39138] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.