Directory Traversal Vulnerability in OWASP Dependency-Check by OWASP
CVE-2018-12036

7.8HIGH

Key Information:

Vendor

Owasp

Status
Dependency-check
Vendor
CVE Published:
7 June 2018

What is CVE-2018-12036?

The OWASP Dependency-Check tool prior to version 3.2.0 is vulnerable to directory traversal attacks which enable attackers to manipulate archive files to write to arbitrary files on the server. This occurs due to insufficient validation of filenames within crafted archives, potentially leading to unauthorized access or data manipulation. It is essential for users to upgrade to the latest version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/jeremylong/DependencyCheck/blob/master...
x_refsource_MISC
https://github.com/snyk/zip-slip-vulnerability
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.