PT-2018-10957 · Owasp · Owasp Dependency-Check

Publicado

2018-06-07

·

Atualizado

2022-05-14

·

CVE-2018-12036

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OWASP Dependency-Check versions prior to 3.2.0
Description The issue allows attackers to write to arbitrary files by using a crafted archive that holds directory traversal filenames.
Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22CWE-123

Identificadores relacionados

CVE-2018-12036
GHSA-HCWX-7Q5V-VC67

Produtos afetados

Owasp Dependency-Check