4.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-1263

GHSA ID

GHSA-87vg-5pgx-pggh

EPSS Score

0.80646%

CWE

CWE-22

Published

5/13/2022

Updated

4/12/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1263

CVE-2018-1263: spring-integration-zip Arbitrary File Write

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

(GitHub Advisory)

4.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2018-1263

GHSA ID

GHSA-87vg-5pgx-pggh

EPSS Score

0.80646%

CWE

CWE-22

Published

5/13/2022

Updated

4/12/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.springframework.integration:spring-integration-zip	maven	< 1.0.2	1.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient path traversal checks when processing zip entries as byte arrays (ZipResultType.BYTE_ARRAY). The pre-patch code validated paths only for FILE output types, but omitted validation for BYTE_ARRAY processing. The commit d10f537 fixed this by adding a checkPath() call in both cases. The UnZipTransformer's process method is directly responsible for handling archive entries, making it the vulnerable function. The test case added in UnZip2FileTests.java confirms this scenario by verifying traversal attempts throw exceptions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

***r*ss*s p*rti*l *ix in *V*-****-****. Pivot*l sprin*-int**r*tion-zip, v*rsions prior to *.*.*, *xpos*s *n *r*itr*ry *il* writ* vuln*r**ility, t**t **n ** ***i*v** usin* * sp**i*lly *r**t** zip *r**iv* (*****ts ot**r *r**iv*s *s w*ll, *zip*, t*r, xz

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt p*t* tr*v*rs*l ****ks w**n pro**ssin* zip *ntri*s *s *yt* *rr*ys (ZipR*sultTyp*.*YT*_*RR*Y). T** pr*-p*t** *o** v*li**t** p*t*s only *or *IL* output typ*s, *ut omitt** v*li**tion *or *YT*_*RR*Y pro**ssin*. T*

4.7

Basic Information

Concerned about an active attack path?

CVE-2018-1263: spring-integration-zip Arbitrary File Write

4.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI