CVE-2020-23172
MEDIUM
Kuba - Path Traversal and Arbitrary File Write via Zip Archive Extraction
Title source: llm
Description
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
References (1)
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/kuba--/zip/issues/123
Scores
CVSS v3
5.5
EPSS
0.0074
EPSS Percentile
50.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (1)
kuba_project/kuba
Published
Aug 10, 2021
Tracked Since
Feb 18, 2026