Overview
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
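A pre-extraction check for the archive layout described above, as an added example (not code from Archive::Tar or from this advisory). It uses Python's standard tarfile module to read member headers only and reports any entry that reuses the name of an earlier symlink; the member names, link target and payloads are constructed samples.

```python
import io
import posixpath
import tarfile

# Constructed samples: (member name, kind, link target or file content).
SUSPICIOUS = [("notes.txt", "symlink", "constructed/link-target"),
              ("./notes.txt", "file", "constructed payload")]
BENIGN = [("notes.txt", "file", "constructed payload"),
          ("latest", "symlink", "notes.txt")]

def build_sample(entries):
    """Build an in-memory tar archive from the constructed entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def find_symlink_collisions(fileobj):
    """Return (name, link target) for each entry that reuses an earlier symlink's name."""
    seen_links = {}  # normalized member name -> link target
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:  # iterates headers; nothing is extracted
            name = posixpath.normpath(member.name)  # "./notes.txt" == "notes.txt"
            if name in seen_links and not member.issym():
                findings.append((name, seen_links[name]))
            if member.issym():
                seen_links[name] = member.linkname
    return findings

if __name__ == "__main__":
    for name, target in find_symlink_collisions(build_sample(SUSPICIOUS)):
        print(f"refuse to extract: {name!r} is a symlink to {target!r}, then reused")
```

Run the check before handing an untrusted archive to any extractor, and reject the archive when the returned list is non-empty.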
CVSS Score
7.5 (high severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: High
- Availability: None
- CVE: CVE-2018-12015
- CWE: CWE-59
- Snyk ID: SNYK-DEBIAN8-PERL-327721
- Disclosed: 07 Jun, 2018
- Published: 07 Jun, 2018