/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-68m9-w8hc-8h64

Published

Last updated

https://images.chainguard.dev/security/CGA-68m9-w8hc-8h64
Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update
Fix not planned
Aliases
  • CVE-2018-1002200
  • GHSA-hcxq-x77q-3469

Severity

Unknown

Summary

Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver

Description

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs