Vulnerabilities

CVE-2021-43099

by Fred · 28/03/2022

An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe).

Date published : 2022-03-28

https://github.com/diyhi/bbs/issues/51

Similar

Tags: Cybersecurity Alert