Medium severity5.5NVD Advisory· Published Jul 27, 2018· Updated Jun 17, 2026
CVE-2018-10862
CVE-2018-10862
Description
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.wildfly.core:wildfly-serverMaven | < 6.0.0.Alpha3 | 6.0.0.Alpha3 |
Affected products
1Patches
Vulnerability mechanics
References
13- access.redhat.com/errata/RHSA-2018:2276nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2277nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2279nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2423nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2424nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2425nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2428nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2643nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:0877nvdVendor AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-w8r2-5j8x-x8j6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-10862ghsaADVISORY
- snyk.io/research/zip-slip-vulnerabilitynvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.