perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 16.04 |
| perl-archive-zip_project | perl-archive-zip | - |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 12.04 |