Skip to main content

Extract

2 CVEs product

Monthly

CVE-2024-47877 Go MEDIUM PATCH This Month

Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Extract
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2019-12739 HIGH POC This Week

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Nextcloud Extract
NVD
CVSS 3.0
8.8
EPSS
2.6%
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Extract
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy