Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
archiver 路径遍历漏洞
Vulnerability Description
archiver是一款压缩/解压缩实用程序。 archiver中存在安全漏洞。攻击者可通过将名称中带有目录遍历字符的文件放置到ZIP归档文件利用该漏洞覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A