An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.
References
| Link | Resource |
|---|---|
| https://blog.ostorlab.co/zip-packages-exploitation.html | Exploit Third Party Advisory |
| https://github.com/marmelroy/Zip/issues/245 | Exploit Issue Tracking Vendor Advisory |
| https://ostorlab.co/vulndb/advisory/OVE-2023-1 | Exploit Third Party Advisory |
| https://security.snyk.io/research/zip-slip-vulnerability | Third Party Advisory |
| https://blog.ostorlab.co/zip-packages-exploitation.html | Exploit Third Party Advisory |
| https://github.com/marmelroy/Zip/issues/245 | Exploit Issue Tracking Vendor Advisory |
| https://ostorlab.co/vulndb/advisory/OVE-2023-1 | Exploit Third Party Advisory |
| https://security.snyk.io/research/zip-slip-vulnerability | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://blog.ostorlab.co/zip-packages-exploitation.html - Exploit, Third Party Advisory | |
| References | () https://github.com/marmelroy/Zip/issues/245 - Exploit, Issue Tracking, Vendor Advisory | |
| References | () https://ostorlab.co/vulndb/advisory/OVE-2023-1 - Exploit, Third Party Advisory | |
| References | () https://security.snyk.io/research/zip-slip-vulnerability - Third Party Advisory |
Information
Published : 2023-08-30 22:15
Updated : 2024-11-21 08:14
NVD link : CVE-2023-39135
Mitre link : CVE-2023-39135
CVE.ORG link : CVE-2023-39135
JSON object : View
Products Affected
marmelroy
- zip
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')