CVE-2018-25046

Summary

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

Affected Software

VendorProductVersion RangeStatus
code.cloudfoundry.org/archivercode.cloudfoundry.org/archiver/extractor0 < 0.0.0-20180523222229-09b5706aa936affected

Weaknesses

  • CWE 29: Path Traversal: "..\filename"

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References