Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information

Name : CVE-2019-14452
Vendor : Cve
First vendor Publication : 2019-07-30
Last vendor Modification : 2019-08-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score : 5
Cvss Impact Score : 2.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14452

CWE : Common Weakness Enumeration

% | Id | Name
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1
Application | | 40
Os | | 3

Sources (Detail)

Source | Url
MISC | https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505967936
MISC | https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505997355
MISC | https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ce...
MISC | https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0...
MISC | https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8b...
MISC | https://github.com/Sigil-Ebook/Sigil/compare/ea7f27d...5b867e5
MISC | https://github.com/Sigil-Ebook/Sigil/releases/tag/0.9.16
MISC | https://salvatoresecurity.com/zip-slip-in-sigil-cve-2019-14452/
UBUNTU | https://usn.ubuntu.com/4085-1/

Alert History

Date | Information
2019-09-12 12:11:04 | Multiple Updates
2019-08-06 05:19:21 | Multiple Updates
2019-08-05 17:19:21 | Multiple Updates
2019-08-01 21:19:45 | Multiple Updates
2019-07-31 17:19:12 | Multiple Updates
2019-07-31 09:19:48 | First insertion