3.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-46122

GHSA ID

GHSA-h9mw-grgx-2fhf

EPSS Score

0.05995%

CWE

CWE-22

Published

10/24/2023

Updated

11/10/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-46122

CVE-2023-46122: sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)

Impact

Given specially crafted zip or JAR file, IO.unzip allows writing of arbitrary file. The follow is an example of a malicious entry:

+2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys

This would have a potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in pullRemoteCache task and Resolvers.remote; however many projects use IO.unzip(...) directly to implement custom tasks - https://github.com/search?q=IO.unzip+language%3AScala&type=code&l=Scala&p=1

Patches

The problem has been patched in https://github.com/sbt/io/pull/360 sbt 1.9.7 is available with the fix.

Workarounds

A workaround might be use some other library to unzip.

References

https://github.com/snyk/zip-slip-vulnerability
https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31680
https://github.com/sbt/io/issues/358

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-46122

CVE-2023-46122:

3.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-46122

GHSA ID

GHSA-h9mw-grgx-2fhf

EPSS Score

0.05995%

CWE

CWE-22

Published

10/24/2023

Updated

11/10/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.scala-sbt:sbt	maven	>= 0.3.4, < 1.9.7	1.9.7
org.scala-sbt:io_2.12	maven	>= 1.0.0, < 1.9.7	1.9.7
org.scala-sbt:io_2.13

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from sbt's IO.unzip method and its internal extract() function handling ZIP entries without proper path validation. The provided commit diff shows the fix added path normalization checks in extract(), and vulnerability reports explicitly mention IO.unzip as the entry point. Both functions were directly processing ZIP entries using new File(toDirectory, name) without guarding against path traversal, making them the core vulnerable components.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-46122: sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)

Impact

Patches

Workarounds

References

CVE-2023-46122:

3.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

3.9

3.9

CVE-2023-46122: sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)

Impact

Patches

Workarounds

References

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI