Path Traversal in com.alibaba.oneagent:one-java-agent-plugin

2022-05-0300:00:44

Google

osv.dev

path traversal

arbitrary file write

zip slip

remote command execution

security vulnerability

com.alibaba.oneagent:one-java-agent-plugin

EPSS

0.024

Percentile

90.0%

JSON

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

References

github.com/alibaba/one-java-agent

github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java

github.com/alibaba/one-java-agent/pull/29

github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf

github.com/alibaba/one-java-agent/pull/29/commits/b5b437f9f4c8cbfe7bdbe266e975a4bd513c13fe

nvd.nist.gov/vuln/detail/CVE-2022-25842

snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874