Zip.Slip.Archive.Extraction.Path.Traversal.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in multiple ZIP archive libraries and products.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted file. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted archive file.
Affected Products
npm library unzipper versions prior to 0.8.13
npm library adm-zip versions prior to 0.4.9
Java library plexus-archiver versions prior to 3.6.0
Java library zt-zip versions prior to 1.13
Java library zip4j
.NET library DotNetZip.Semverd versions prior to 1.11.0
.NET library SharpCompress versions prior to 0.21.0
.NET library archiver versions prior to e4ef56d4
Oracle java.util.zip
Apache commons-compress
.NET library SharpZipLib
Ruby gem zip-ruby
Ruby gem rubyzip
Ruby gem zipruby
Go library archive
Apache Storm versions prior to 1.0.7
Apache Hadoop
Apache Hive
Apache Maven
Apache Ant versions prior to 1.9.12
Pivotal spring-integration-zip versions prior to 1.0.1
HP Fortify Cloud Scan Jenkins Plugin
OWASP DependencyCheck
Amazon AWS Toolkit for Eclipse
SonarCube SonarCube
Cinchapi Concourse
Orient Technologies OrientDB
FenixEdu Academic
Lucee Lucee
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Visit the individual vendor's site for updates.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2024-01-24 | 26.721 | Sig Added |
2020-08-12 | 15.904 | Sig Added |
2018-09-25 | 13.457 | Sig Added |