CVE-2018-8008: Path Traversal

June 5, 2018 (updated July 20, 2018)

Apache Storm expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside the target folder.

References

www.securityfocus.com/bid/104418
nvd.nist.gov/vuln/detail/CVE-2018-8008

Detect and mitigate CVE-2018-8008 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →