Lucene search

Veracode Vulnerability DatabaseVERACODE:42847

HistoryAug 18, 2023 - 4:40 a.m.

Arbitrary File Read

2023-08-1804:40:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

arbitrary file read

@tryghost/zip

extract.js

symlink

operating system

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.0%

JSON

@tryghost/zip is vulnerable to Arbitrary File Read. The vulnerability exists because the module.exports function of extract.js does not properly restrict symbolic links in uploaded files, which allows an attacker to upload a symlink, leading to arbitrary files read on the operating system.

CPENameOperatorVersion
@tryghost/ziple1.1.36
@tryghost/ziple1.1.36

CPE	Name	Operator	Version
	@tryghost/zip	le	1.1.36
	@tryghost/zip	le	1.1.36

References

github.com/TryGhost/framework/commit/b3061bff867a442cad470769ef7ad4460e7b5924

github.com/TryGhost/framework/pull/107

github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205

github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

19.0%

JSON

Related for VERACODE:42847