Oval Definition:	oval:com.ubuntu.cosmic:def:201810022000000000
Revision Date: 2018-07-25 Version: 1 Title: CVE-2018-1002200 on Ubuntu 18.10 (cosmic) - medium. Description: plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-1002200 Platform(s): Ubuntu 18.10 Product(s): Definition Synopsis Ubuntu 18.10 (cosmic) is installed. AND plexus-archiver package in cosmic, is related to the CVE in some way and has been fixed (note: '3.6.0-2').
BACK