Vulnerability Details CVE-2018-8909
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-8909
-
cpe:2.3:a:wire:wire:2.10.252
-
cpe:2.3:a:wire:wire:2.12.263
-
cpe:2.3:a:wire:wire:2.12.264
-
cpe:2.3:a:wire:wire:2.13.265
-
cpe:2.3:a:wire:wire:2.14.275
-
cpe:2.3:a:wire:wire:2.15.279
-
cpe:2.3:a:wire:wire:2.16.282
-
cpe:2.3:a:wire:wire:2.17.568
-
cpe:2.3:a:wire:wire:2.18.288
-
cpe:2.3:a:wire:wire:2.19.289
-
cpe:2.3:a:wire:wire:2.2.210
-
cpe:2.3:a:wire:wire:2.20.293
-
cpe:2.3:a:wire:wire:2.21.295
-
cpe:2.3:a:wire:wire:2.22.297
-
cpe:2.3:a:wire:wire:2.22.298
-
cpe:2.3:a:wire:wire:2.27.314
-
cpe:2.3:a:wire:wire:2.29.318
-
cpe:2.3:a:wire:wire:2.3.211
-
cpe:2.3:a:wire:wire:2.30.321
-
cpe:2.3:a:wire:wire:2.31.324
-
cpe:2.3:a:wire:wire:2.31.325
-
cpe:2.3:a:wire:wire:2.32.326
-
cpe:2.3:a:wire:wire:2.32.327
-
cpe:2.3:a:wire:wire:2.32.330
-
cpe:2.3:a:wire:wire:2.33.333
-
cpe:2.3:a:wire:wire:2.33.335
-
cpe:2.3:a:wire:wire:2.34.338
-
cpe:2.3:a:wire:wire:2.35.339
-
cpe:2.3:a:wire:wire:2.35.340
-
cpe:2.3:a:wire:wire:2.36.342
-
cpe:2.3:a:wire:wire:2.36.343
-
cpe:2.3:a:wire:wire:2.37.349
-
cpe:2.3:a:wire:wire:2.38.351
-
cpe:2.3:a:wire:wire:2.38.352
-
cpe:2.3:a:wire:wire:2.39.353
-
cpe:2.3:a:wire:wire:2.39.354
-
cpe:2.3:a:wire:wire:2.40.357
-
cpe:2.3:a:wire:wire:2.41.359
-
cpe:2.3:a:wire:wire:2.42.364
-
cpe:2.3:a:wire:wire:2.9.228
-
cpe:2.3:a:wire:wire:3.16
-
cpe:2.3:a:wire:wire:3.17
-
cpe:2.3:a:wire:wire:3.18
-
cpe:2.3:a:wire:wire:3.19
-
cpe:2.3:a:wire:wire:3.20
-
cpe:2.3:a:wire:wire:3.21
-
cpe:2.3:a:wire:wire:3.22
-
cpe:2.3:a:wire:wire:3.23
-
cpe:2.3:a:wire:wire:3.24
-
cpe:2.3:a:wire:wire:3.24.684
-
cpe:2.3:a:wire:wire:3.25
-
cpe:2.3:a:wire:wire:3.25.685
-
cpe:2.3:a:wire:wire:3.26
-
cpe:2.3:a:wire:wire:3.27
-
cpe:2.3:a:wire:wire:3.27.697
-
cpe:2.3:a:wire:wire:3.28
-
cpe:2.3:a:wire:wire:3.28.1
-
cpe:2.3:a:wire:wire:3.29
-
cpe:2.3:a:wire:wire:3.30
-
cpe:2.3:a:wire:wire:3.31
-
cpe:2.3:a:wire:wire:3.32
-
cpe:2.3:a:wire:wire:3.33
-
cpe:2.3:a:wire:wire:3.33.1
-
cpe:2.3:a:wire:wire:3.35
-
cpe:2.3:a:wire:wire:3.35.814
-
cpe:2.3:a:wire:wire:3.36.819
-
cpe:2.3:a:wire:wire:3.37.3113
-
cpe:2.3:a:wire:wire:3.37.820
-
cpe:2.3:a:wire:wire:3.38
-
cpe:2.3:a:wire:wire:3.39
-
cpe:2.3:a:wire:wire:3.40
-
cpe:2.3:a:wire:wire:3.41
-
cpe:2.3:a:wire:wire:3.42
-
cpe:2.3:a:wire:wire:3.42.863
-
cpe:2.3:a:wire:wire:3.43
-
cpe:2.3:a:wire:wire:3.44
-
cpe:2.3:a:wire:wire:3.45
-
cpe:2.3:a:wire:wire:3.46
-
cpe:2.3:a:wire:wire:3.47
-
cpe:2.3:a:wire:wire:3.47.911
-
cpe:2.3:a:wire:wire:3.48
-
cpe:2.3:a:wire:wire:3.48.915
-
cpe:2.3:a:wire:wire:3.49
-
cpe:2.3:a:wire:wire:3.49.918
-
cpe:2.3:a:wire:wire:3.49.921
-
cpe:2.3:a:wire:wire:3.5.888
-
cpe:2.3:a:wire:wire:3.50
-
cpe:2.3:a:wire:wire:3.51
-
cpe:2.3:a:wire:wire:3.52
-
cpe:2.3:a:wire:wire:3.53
-
cpe:2.3:a:wire:wire:3.54
-
cpe:2.3:a:wire:wire:3.55
-
cpe:2.3:a:wire:wire:3.56
-
cpe:2.3:a:wire:wire:3.57
-
cpe:2.3:a:wire:wire:3.57.948
-
cpe:2.3:a:wire:wire:3.58
-
cpe:2.3:a:wire:wire:3.59
-
cpe:2.3:a:wire:wire:3.59.959
-
cpe:2.3:a:wire:wire:3.60
-
cpe:2.3:a:wire:wire:3.61
-
cpe:2.3:a:wire:wire:3.61.964
-
cpe:2.3:a:wire:wire:3.61.965
-
cpe:2.3:a:wire:wire:3.62
-
cpe:2.3:a:wire:wire:3.63
-
cpe:2.3:a:wire:wire:3.63.974
-
cpe:2.3:a:wire:wire:3.64
-
cpe:2.3:a:wire:wire:3.65
-
cpe:2.3:a:wire:wire:3.66
-
cpe:2.3:a:wire:wire:3.66.985