Vulnerability Details CVE-2018-1002209
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/snyk/zip-slip-vulnerability
- https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt
- https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98
- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/snyk/zip-slip-vulnerability
- https://github.com/stachenov/quazip/blob/0.7.6/NEWS.txt
- https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98
- https://snyk.io/research/zip-slip-vulnerability
Products affected by CVE-2018-1002209
-
cpe:2.3:a:quazip_project:quazip:0.1
-
cpe:2.3:a:quazip_project:quazip:0.2
-
cpe:2.3:a:quazip_project:quazip:0.2.1
-
cpe:2.3:a:quazip_project:quazip:0.2.2
-
cpe:2.3:a:quazip_project:quazip:0.2.3
-
cpe:2.3:a:quazip_project:quazip:0.3
-
cpe:2.3:a:quazip_project:quazip:0.4
-
cpe:2.3:a:quazip_project:quazip:0.4.1
-
cpe:2.3:a:quazip_project:quazip:0.4.2
-
cpe:2.3:a:quazip_project:quazip:0.4.3
-
cpe:2.3:a:quazip_project:quazip:0.4.4
-
cpe:2.3:a:quazip_project:quazip:0.5
-
cpe:2.3:a:quazip_project:quazip:0.5.1
-
cpe:2.3:a:quazip_project:quazip:0.5.2
-
cpe:2.3:a:quazip_project:quazip:0.6
-
cpe:2.3:a:quazip_project:quazip:0.6.1
-
cpe:2.3:a:quazip_project:quazip:0.6.2
-
cpe:2.3:a:quazip_project:quazip:0.7
-
cpe:2.3:a:quazip_project:quazip:0.7.1
-
cpe:2.3:a:quazip_project:quazip:0.7.2
-
cpe:2.3:a:quazip_project:quazip:0.7.3
-
cpe:2.3:a:quazip_project:quazip:0.7.4
-
cpe:2.3:a:quazip_project:quazip:0.7.5