MGASA-2019-0005

Source
https://advisories.mageia.org/MGASA-2019-0005.html
Import Source
https://advisories.mageia.org/MGASA-2019-0005.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0005
Related
Published
2019-01-05T18:30:16Z
Modified
2019-01-05T18:02:30Z
Summary
Updated plexus-archiver packages fix security vulnerability
Details

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vulnerable configurations (CVE-2018-1002200).

References
Credits

Affected packages

Mageia:6 / plexus-archiver

Package

Name
plexus-archiver
Purl
pkg:rpm/mageia/plexus-archiver?arch=source&distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4-1.1.mga6

Ecosystem specific

{
    "section": "core"
}