mbadanoiu/WSO2-2021-1258

WSO2-2021-1258: Zip Slip vulnerability in WSO2 ESB

A ZIP file based directory traversal (Zip Slip) vulnerability was identified in the WSO2 Management Console. Remote code execution may be obtained by writing/overwriting specific files.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Why no CVE?

Neither I nor the vendor requested a CVE for this vulnerability.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.