PT-2024-14847 · Arc · Arc

Gabriele Quagliarella · Published 2024-05-15 · Updated 2024-05-28 · CVE-2023-5938

CVSS v3.1: 8.0 High

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Arc (affected versions not specified)

Description

The issue arises from multiple functions using archives without properly validating the filenames, making the application susceptible to path traversal via 'zip slip' attacks. An administrator who can provide tampered archives for processing by the affected Arc versions may be able to extract arbitrary files to arbitrary filesystem locations. This could allow an attacker to overwrite arbitrary files on the target filesystem, potentially leading to critical system impacts, such as arbitrary command execution on the victim's machine.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2023-5938

Affected Products

Arc