CVE-2023-46122 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-46122

CVE-2023-46122

October 23, 2023

sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.

Related Resources (6)

https://github.com/sbt/io/issues/358

https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188a

https://github.com/sbt/io/pull/360

https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf

https://nvd.nist.gov/vuln/detail/CVE-2023-46122

https://github.com/sbt/sbt

Do you need more information?

CVSS v4

Base Score:

2.4

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

EPSS

Base Score:

0.03

Products

Solutions

Resources

Company

Compare

Developer Tools