CVE-2018-1002200
MEDIUMPlexus-archiver <3.6.0 - Path Traversal
Title source: llmDescription
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Exploits (3)
nomisec
WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2018-1002200-plexus-archiver-vulnerable
nomisec
WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2018-1002200-plexus-archiver-vulnerable
nomisec
STUB
by shoucheng3 · poc
https://github.com/shoucheng3/codehaus-plexus__plexus-archiver_CVE-2018-1002200_3-5
References (8)
Scores
CVSS v3
5.5
EPSS
0.0410
EPSS Percentile
88.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (7)
codehaus-plexus/plexus-archiver
< 3.6.0
debian/debian_linux
8.0
debian/debian_linux
9.0
org.codehaus.plexus/plexus-archiver
0 - 3.6.0Maven
redhat/enterprise_linux
7.5
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_workstation
7.0
Published
Jul 25, 2018
Tracked Since
Feb 18, 2026