Security Advisories / CPANSA-Archive-Zip-2018-01

2018-06-28

Severity

Low

Source

CPAN

Package

Archive-Zip

Description

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.

Affected versions and fixes

Affected versions: <1.61

CVEs

References