Отправить #757763: HummerRisk <=1.5.0 Path Traversal via Zip SlipИнформация

НазваниеHummerRisk <=1.5.0 Path Traversal via Zip Slip
ОписаниеA critical path traversal vulnerability exists in the archive extraction functionality of HummerRisk version <=1.5.0. When processing tar.gz and zip file uploads, the application fails to validate file paths within archives, allowing authenticated attackers to write arbitrary files to the filesystem. This vulnerability, known as Zip Slip, can lead to complete system compromise through multiple attack vectors including SSH key injection, cron job creation, web shell upload, and library replacement. An attacker with valid credentials and file upload permissions can achieve remote code execution with application privileges, potentially escalating to root access.
Источник⚠️ https://github.com/AnalogyC0de/public_exp/issues/11
Пользователь
 Ana10gy (UID 93358)
Представление13.02.2026 15:56 (2 месяцы назад)
Модерация23.02.2026 19:51 (10 days later)
Статуспринято
Запись VulDB347418 [HummerRisk до 1.5.0 Archive Extraction CommandUtils.java extractTarGZ/extractZip обход каталога]
Баллы20

ПредыдущийОбзорДалее

Do you need the next level of professionalism?

Upgrade your account now!