CVE-2020-21522
CRITICALhalo V1.1.3 - Path Traversal and Arbitrary File Write via Zip Slip
Title source: llmDescription
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/halo-dev/halo/issues/418
Scores
CVSS v3
9.8
EPSS
0.0153
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
halo/halo
1.1.3
Published
Sep 30, 2020
Tracked Since
Feb 18, 2026