How severe is CVE-2023-5938?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-5938?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2023-5938 - HIGH Severity | CVSS 8

Vulnerability Description

Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files extracted to arbitrary filesystem locations. Leveraging this issue, an attacker may be able to overwrite arbitrary files on the target filesystem and cause critical impacts on the system (e.g., arbitrary command execution on the victim’s machine).

Related Vulnerabilities

CVE-2015-8798

HIGH

CVSS:8.0(High)

Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for C...

CWE-222015

CVE-2018-11494

HIGH

CVSS:8.0(High)

The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step...

CWE-222018

CVE-2018-16221

HIGH

CVSS:8.0(High)

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remo...

CWE-222018

CVE-2018-7771

HIGH

CVSS:8.0(High)

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard...

CWE-222018

CVE-2019-0887

HIGH

CVSS:8.0(High)

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Service...

CWE-222019

CVE-2019-10220

HIGH

CVSS:8.0(High)

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

CWE-222019