CVE-2018-25046: Cloud Foundry Archiver vulnerable to path traversal

December 28, 2022 (updated December 30, 2022)

Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

References

github.com/advisories/GHSA-32qh-8vg6-9g43
github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
nvd.nist.gov/vuln/detail/CVE-2018-25046
pkg.go.dev/vuln/GO-2020-0025
snyk.io/research/zip-slip-vulnerability

Detect and mitigate CVE-2018-25046 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →