PT-2018-15295 · Eclipse · Rdf4J

Bart Hanssens

Published

2018-12-19

Updated

2024-08-16

CVE-2018-20227

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions RDF4J versions 2.4.2 through 2.4.2 RDF4J versions prior to 2.5.0

Description The issue allows Directory Traversal via ../ in an entry in a ZIP archive.

Recommendations For RDF4J version 2.4.2, update to version 2.5.0 or later. For RDF4J versions prior to 2.5.0, update to version 2.5.0 or later.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2018-20227

GHSA-X3CR-X949-H5JV

Rdf4J