CVE-2022-25842

Source
https://cve.org/CVERecord?id=CVE-2022-25842
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25842.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-25842
Aliases
Published
2022-05-01T15:25:39.245Z
Modified
2026-07-15T01:48:54.805256884Z
Severity
  • 6.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L/E:P CVSS Calculator
Summary
Arbitrary File Write via Archive Extraction (Zip Slip)
Details

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/25xxx/CVE-2022-25842.json",
    "cna_assigner": "snyk"
}
References

Affected packages

Git / github.com/alibaba/one-java-agent

Affected ranges

Type
GIT
Repo
https://github.com/alibaba/one-java-agent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

Other
0
one-java-agent-parent-0.*
one-java-agent-parent-0.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25842.json"