PT-2018-10957 · Owasp · Owasp Dependency-Check

Published

2018-06-07

Updated

2022-05-14

CVE-2018-12036

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OWASP Dependency-Check versions prior to 3.2.0

Description The issue allows attackers to write to arbitrary files by using a crafted archive that holds directory traversal filenames.

Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2018-12036

GHSA-HCWX-7Q5V-VC67

Owasp Dependency-Check