CVE-2018-8008 is a vulnerability in Apache Storm
Published on June 5, 2018
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Products Associated with CVE-2018-8008
Want to know whenever a new CVE is published for Apache Storm? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Storm Version Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier is affected by CVE-2018-8008Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.