Description

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

Remediation

References

https://snyk.io/research/zip-slip-vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862

https://access.redhat.com/errata/RHSA-2018:2279

https://access.redhat.com/errata/RHSA-2018:2277

https://access.redhat.com/errata/RHSA-2018:2276

https://access.redhat.com/errata/RHSA-2018:2428

https://access.redhat.com/errata/RHSA-2018:2425

https://access.redhat.com/errata/RHSA-2018:2424

https://access.redhat.com/errata/RHSA-2018:2423

https://access.redhat.com/errata/RHSA-2018:2643

https://access.redhat.com/errata/RHSA-2019:0877

Related Vulnerabilities

CVE-2016-10607 Vulnerability in npm package openframe-glslviewer

CVE-2020-8203 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash

CVE-2020-14966 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign

CVE-2016-3092 Vulnerability in maven package commons-fileupload:commons-fileupload

CVE-2017-17485 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

Medium

Classification

CWE-22 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory Issue Tracking Vendor Advisory