CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1263

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.7%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 4.0

References

http://www.securityfocus.com/bid/104179
https://pivotal.io/security/cve-2018-1263
http://www.securityfocus.com/bid/104179
https://pivotal.io/security/cve-2018-1263

Products affected by CVE-2018-1263

Vmware » Spring Integration Zip » Version: 1.0.0

cpe:2.3:a:vmware:spring_integration_zip:1.0.0
Vmware » Spring Integration Zip » Version: 1.0.1

cpe:2.3:a:vmware:spring_integration_zip:1.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1263

Products

Pricing

Contact Us