SymmetricalDataSecurity: Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory.

Thursday, November 12, 2020

Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory.

Nov 12, 2020 7:07 pm EST

Share this post:

ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant.

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
UCD – IBM UrbanCode Deploy	6.2.7.4
UCD – IBM UrbanCode Deploy	6.2.7.3
UCD – IBM UrbanCode Deploy	7.0.4.0
UCD – IBM UrbanCode Deploy	7.0.3.0
UCD – IBM UrbanCode Deploy	All

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6360841

from IBM Product Security Incident Response Team https://ift.tt/32I3BtU

SymmetricalDataSecurity

Thursday, November 12, 2020

Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory.

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews