
CVE-2018-20227: RDF4J vulnerable to zip slip

CVSS Score: 7.5 (CVSS version 3.0)

Basic Information

EPSS Score: 0.82432%
Published: 5/14/2022
Updated: 8/16/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.eclipse.rdf4j:rdf4j | maven | < 2.5.0 | 2.5.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from the `writeEntry` function, which did not normalize or sanitize entry paths before writing files. The pre-patch code used `entry.getName()` directly to construct output paths, making it vulnerable to zip-slip attacks. The patch added a security check, `getCanonicalFile().toPath().startsWith(destDir.toPath())`, to prevent directory traversal. The test case added in the commit explicitly tests for this scenario, confirming the function's role in the vulnerability.

RDF4J prior to 2.5.0 allows Directory Traversal via ../ in an entry in a ZIP archive.
