Grin
CVE-2019-9195
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive.
AnalysisAI
util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. Affected products include: Grin. Version information: before 1.0.2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. Rated high severity (CVSS 7.5), thi
Grin through 2.1.1 has Insufficient Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. Rated medium s
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today