How severe is CVE-2021-32825?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2021-32825?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2021-32825 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, he may be able to read arbitrary system files the parent process has permissions to read. For more details including a PoC see the referenced GHSL-2020-258.

Related Vulnerabilities

CVE-2020-10619

CRITICAL

CVSS:9.1(Critical)

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CWE-232020

CVE-2020-4039

CRITICAL

CVSS:9.1(Critical)

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file ...

CWE-232020

CVE-2020-8570

CRITICAL

CVSS:9.1(Critical)

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a malici...

CWE-232020

CVE-2021-24035

CRITICAL

CVSS:9.1(Critical)

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wha...

CWE-232021

CVE-2024-47051

CRITICAL

CVSS:9.1(Critical)

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) vi...

CWE-232024

CVE-2024-8551

CRITICAL

CVSS:9.1(Critical)

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write a...

CWE-232024