Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None
Danny Grander reported that the unzip and untar tasks in ant, a Java
based build tool like make, allow the extraction of files outside a
target directory. An attacker can take advantage of this flaw by
submitting a specially crafted Zip or Tar archive to an ant build to
overwrite any file writable by the user running ant.
For the stable distributio ...
It was discovered that Ant's unzip and untar targets permit the extraction of files outside the target directory. A crafted zip or tar file submitted to an Ant build could create or overwrite arbitrary files with the privileges of the user running Ant (CVE-2018-10886) ...
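A pre-extraction check for the flaw described above, as an added example that is not Ant's code or part of either advisory: it lists the entries of a zip or tar archive whose resolved path would fall outside the target directory. The function names, the `/tmp/out` target and the sample archives are constructed for illustration, and POSIX paths are assumed; only entry names are checked, not tar symlink targets.

```python
import io
import os
import tarfile
import zipfile


def escapes(target_dir, entry_name):
    """True if extracting entry_name under target_dir would land outside it."""
    base = os.path.realpath(target_dir)
    # join() discards base for absolute names; realpath() collapses "..".
    dest = os.path.realpath(os.path.join(base, entry_name))
    # commonpath compares whole components, so /tmp/out-evil is not "inside" /tmp/out.
    return os.path.commonpath([base, dest]) != base


def unsafe_entries(data, target_dir):
    """Return the entry names in a zip or tar archive (bytes) that escape target_dir."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf) as tf:
            names = tf.getnames()
    return [n for n in names if escapes(target_dir, n)]


def make_zip(names):
    """Build a constructed sample zip in memory with the given entry names."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample")
    return out.getvalue()


def make_tar(names):
    """Build a constructed sample tar in memory with the given entry names."""
    payload = b"constructed sample"
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w") as tf:
        for n in names:
            info = tarfile.TarInfo(n)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return out.getvalue()
```

Running `unsafe_entries` on an archive before it reaches a build, and rejecting the archive when the list is non-empty, catches this class of entry regardless of which extractor runs afterwards.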