CVE-2023-46122
3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Summary
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. This would have potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however many projects use IO.unzip(...) directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| sbt | sbt | >= 0.3.4, < 1.9.7 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf
- https://github.com/sbt/io/issues/358
- https://github.com/sbt/io/pull/360
- https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188a
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf
- https://github.com/sbt/io/issues/358
- https://github.com/sbt/io/pull/360
- https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.