Unrated severity · NVD Advisory · Published Mar 28, 2022 · Updated Aug 4, 2024
CVE-2021-43099
Description
An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips an arbitrary uploaded zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe).
Affected products
2- bbs/bbsdescription
References
- github.com/diyhi/bbs/issues/51 (mitre, x_refsource_MISC)