CVE-2024-0406— Mholt/archiver: path traversal vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-0406
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mholt/archiver: path traversal vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
archiver 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
archiver是一款压缩/解压缩实用程序。 archiver存在路径遍历漏洞。攻击者利用该漏洞创建特制的 tar 文件,该文件解压后可能允许访问受限制的文件或目录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform 4.18 | v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9 ~ * | cpe:/a:redhat:openshift:4.18::el9 | |
| Red Hat | Red Hat Advanced Cluster Security 3 | - | cpe:/a:redhat:advanced_cluster_security:3 | |
| Red Hat | Red Hat Advanced Cluster Security 3 | - | cpe:/a:redhat:advanced_cluster_security:3 | |
| Red Hat | Red Hat Advanced Cluster Security 3 | - | cpe:/a:redhat:advanced_cluster_security:3 | |
| Red Hat | Red Hat Advanced Cluster Security 4 | - | cpe:/a:redhat:advanced_cluster_security:4 | |
| Red Hat | Red Hat Advanced Cluster Security 4 | - | cpe:/a:redhat:advanced_cluster_security:4 | |
| Red Hat | Red Hat Advanced Cluster Security 4 | - | cpe:/a:redhat:advanced_cluster_security:4 |
II. Public POCs for CVE-2024-0406
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2024-0406 POC using symlinks | https://github.com/walidpyh/CVE-2024-0406-POC | POC Details |
| 2 | vulnerable web app CVE-2024-0406 go cve | https://github.com/veissa/Desires | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-0406
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2024-0406
No comments yet