GHSA-vgwr-773q-7j3c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vgwr-773q-7j3c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-vgwr-773q-7j3c/GHSA-vgwr-773q-7j3c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vgwr-773q-7j3c
- Aliases
- Published
- 2021-03-24T17:58:13Z
- Modified
- 2025-04-03T15:26:49.778732Z
- Summary
- Path Traversal within joomla/archive zip class
- Details
-
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "cwe_ids": [ "CWE-22" ], "nvd_published_at": null, "github_reviewed_at": "2021-03-24T17:57:48Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-26028
- https://github.com/joomla-framework/archive/commit/32c9009a1020d16bc1060c0d06339898b697cf2c
- https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/joomla/archive/CVE-2021-26028.yaml
Affected packages
Packagist / joomla/archive
Package
- Name
- joomla/archive
- Purl
- pkg:composer/joomla/archive