CVE-2018-12036
HIGH
OWASP Dependency-Check <3.2.0 - Path Traversal
Title source: llm
Description
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
Exploits (1)
nomisec
WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/jeremylong__DependencyCheck_CVE-2018-12036_3-1-2
Scores
CVSS v3
7.8
EPSS
0.0018
EPSS Percentile
38.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
CWE-123
Status
published
Products (2)
org.owasp/dependency-check-maven
0 - 3.2.0
Maven
owasp/dependency-check
< 3.2.0
Published
Jun 07, 2018
Tracked Since
Feb 18, 2026