Description
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
Remediation
References
https://access.redhat.com/errata/RHSA-2018:2276
https://access.redhat.com/errata/RHSA-2018:2277
https://access.redhat.com/errata/RHSA-2018:2279
https://access.redhat.com/errata/RHSA-2018:2423
https://access.redhat.com/errata/RHSA-2018:2424
https://access.redhat.com/errata/RHSA-2018:2425
https://access.redhat.com/errata/RHSA-2018:2428
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2019:0877
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862
https://snyk.io/research/zip-slip-vulnerability
Related Vulnerabilities
CVE-2022-25936 Vulnerability in npm package servst
CVE-2022-31186 Vulnerability in npm package next-auth
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-dist
CVE-2023-37903 Vulnerability in maven package org.webjars.npm:vm2
CVE-2022-41253 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt