| 제목 | HummerRisk <=1.5.0 Path Traversal via Zip Slip |
|---|
| 설명 | A critical path traversal vulnerability exists in the archive extraction functionality of HummerRisk version <=1.5.0. When processing tar.gz and zip file uploads, the application fails to validate file paths within archives, allowing authenticated attackers to write arbitrary files to the filesystem. This vulnerability, known as Zip Slip, can lead to complete system compromise through multiple attack vectors including SSH key injection, cron job creation, web shell upload, and library replacement. An attacker with valid credentials and file upload permissions can achieve remote code execution with application privileges, potentially escalating to root access.
|
|---|
| 원천 | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/11 |
|---|
| 사용자 | Ana10gy (UID 93358) |
|---|
| 제출 | 2026. 02. 13. PM 03:56 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 23. PM 07:51 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 347418 [HummerRisk 까지 1.5.0 Archive Extraction CommandUtils.java extractTarGZ/extractZip 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|