CVE-2024-1485

CRITICAL Year: 2024
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-23
View all →

Vulnerability Description

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.

Related Vulnerabilities

CVE-2020-10619

CRITICAL
CVSS:9.1(Critical)

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CWE-232020

CVE-2020-4039

CRITICAL
CVSS:9.1(Critical)

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file ...

CWE-232020

CVE-2020-8570

CRITICAL
CVSS:9.1(Critical)

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a malici...

CWE-232020

CVE-2021-24035

CRITICAL
CVSS:9.1(Critical)

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wha...

CWE-232021

CVE-2021-32825

CRITICAL
CVSS:9.1(Critical)

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbo...

CWE-232021

CVE-2024-47051

CRITICAL
CVSS:9.1(Critical)

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) vi...

CWE-232024