5l1D3R / Github-actions

CVE: 2018-1002200 found in Plexus Archiver Component - Version: 1.0-alpha-3 [JAVA] #31

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Plexus Archiver Component |
| Description | The Plexus project provides a full software stack for creating and executing software projects. |
| Language | JAVA |
| Vulnerability | Arbitrary File Write |
| Vulnerability description | Plexus Archiver Component is vulnerable to a zip-slip vulnerability. The vulnerability exists when the attacker inputs a malicious zip archive with filenames including file traversal characters such as dot dot (..), leading to concatenation of a file path located outside of the destination folder. |
| CVE | 2018-1002200 |
| CVSS score | 4.3 |
| Vulnerability present in version/s | 1.0-alpha-3-2.4.4 |
| Found library version/s | 1.0-alpha-3 |
| Vulnerability fixed in version | 3.6 |
| Library latest version | 4.6.0 |
| Fix | null |

Links:

github-actions[bot] commented 2 years ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2