Description
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.
Remediation
References
https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java
https://github.com/alibaba/one-java-agent/pull/29
https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf
https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874