MidnightBSD

Advisories for perl-archive-zip_project

CVE-2018-10860 MEDIUM

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.10
canonical ubuntu_linux 16.04
perl-archive-zip_project perl-archive-zip -
canonical ubuntu_linux 14.04
debian debian_linux 8.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 12.04