English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Archiver Project Archiver 3.0.1

CPE Details

Archiver Project Archiver 3.0.1
archiver_project
archiver
3.0.1
2019-10-24 16:27 +00:00
2019-10-24 16:27 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:archiver_project:archiver:3.0.1:*:*:*:*:*:*:*

Informations

Vendor

archiver_project

Product

archiver

Version

3.0.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-10743 2019-10-28 21:09 +00:00 All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
5.5
MEDIUM

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.