CVE-2020-21522

CRITICAL

halo V1.1.3 - Path Traversal and Arbitrary File Write via Zip Slip

Title source: llm
STIX 2.1

Description

An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/halo-dev/halo/issues/418

Scores

CVSS v3 9.8
EPSS 0.0153
EPSS Percentile 71.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
halo/halo 1.1.3
Published Sep 30, 2020
Tracked Since Feb 18, 2026