com.alibaba.oneagent:one-java-agent-plugin@0.0.2 vulnerabilities
-
latest version
0.0.2
-
first published
3 years ago
-
latest version published
2 years ago
-
licenses detected
- [0.0.1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.alibaba.oneagent:one-java-agent-plugin package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? A fix was pushed into the |
[0,)
|