CVE-2018-12036

HIGH

OWASP Dependency-Check <3.2.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12036. PoCs published by shoucheng3.

AI-analyzed exploit summary: This repository contains documentation and source code for OWASP Dependency-Check, a tool for detecting vulnerabilities in project dependencies. The README provides installation and usage instructions but does not include exploit code or a PoC for CVE-2018-12036.

Description

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

Exploits (1)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/jeremylong__DependencyCheck_CVE-2018-12036_3-1-2


Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: OWASP Dependency-Check
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.0018
EPSS Percentile 39.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-22, CWE-123
Status published
Products (2)
org.owasp/dependency-check-maven 0 - 3.2.0 (Maven)
owasp/dependency-check < 3.2.0
Published Jun 07, 2018
Tracked Since Feb 18, 2026