CVE-2018-1002204
Summary
| CVE | CVE-2018-1002204 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-25 17:29:00 UTC |
| Updated | 2019-10-16 19:32:00 UTC |
| Description | adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Merge pull request #212 from aviadatsnyk/master · cthackers/adm-zip@62f6400 · GitHub |
CONFIRM |
github.com |
Issue Tracking, Patch, Third Party Advisory |
| fix: prevent extracting archived files outside of target path by aviadatsnyk · Pull Request #212 · cthackers/adm-zip · GitHub |
CONFIRM |
github.com |
Exploit, Issue Tracking, Patch, Third Party Advisory |
| GitHub - snyk/zip-slip-vulnerability: Zip Slip Vulnerability (Arbitrary file write through archive extraction) |
MISC |
github.com |
Exploit, Third Party Advisory |
| Arbitrary File Write via Archive Extraction (Zip Slip) in adm-zip | Snyk |
MISC |
snyk.io |
Exploit, Third Party Advisory |
| SAP HANA CVE-2018-1002204 Directory Traversal Vulnerability |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| Zip Slip Vulnerability | Snyk |
MISC |
snyk.io |
Exploit, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 983429 Nodejs (npm) Security Update for adm-zip (GHSA-3v6h-hqm4-2rg6)