Description

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

Remediation

References

https://github.com/alibaba/one-java-agent/pull/29

https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874

https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf

https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java

Related Vulnerabilities

CVE-2013-7370 Vulnerability in maven package org.webjars.npm:connect

CVE-2023-26049 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2023-22467 Vulnerability in maven package org.webjars.bowergithub.moment:luxon

CVE-2020-6422 Vulnerability in npm package electron

CVE-2022-1291 Vulnerability in maven package org.webjars.npm:tableexport.jquery.plugin

Severity

Critical

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Patch Third Party Advisory Exploit