Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-1002201

zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 5.8
Products affected by CVE-2018-1002201
  • Jrebel » Zt-Zip » Version: 1.0
    cpe:2.3:a:jrebel:zt-zip:1.0
  • Jrebel » Zt-Zip » Version: 1.1
    cpe:2.3:a:jrebel:zt-zip:1.1
  • Jrebel » Zt-Zip » Version: 1.10
    cpe:2.3:a:jrebel:zt-zip:1.10
  • Jrebel » Zt-Zip » Version: 1.11
    cpe:2.3:a:jrebel:zt-zip:1.11
  • Jrebel » Zt-Zip » Version: 1.12
    cpe:2.3:a:jrebel:zt-zip:1.12
  • Jrebel » Zt-Zip » Version: 1.2
    cpe:2.3:a:jrebel:zt-zip:1.2
  • Jrebel » Zt-Zip » Version: 1.3
    cpe:2.3:a:jrebel:zt-zip:1.3
  • Jrebel » Zt-Zip » Version: 1.4
    cpe:2.3:a:jrebel:zt-zip:1.4
  • Jrebel » Zt-Zip » Version: 1.5
    cpe:2.3:a:jrebel:zt-zip:1.5
  • Jrebel » Zt-Zip » Version: 1.6
    cpe:2.3:a:jrebel:zt-zip:1.6
  • Jrebel » Zt-Zip » Version: 1.7
    cpe:2.3:a:jrebel:zt-zip:1.7
  • Jrebel » Zt-Zip » Version: 1.8
    cpe:2.3:a:jrebel:zt-zip:1.8
  • Jrebel » Zt-Zip » Version: 1.9
    cpe:2.3:a:jrebel:zt-zip:1.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved