How severe is CVE-2023-0104?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2023-0104?

This is classified as CWE-29, which is a common weakness in software security.

CVE-2023-0104

HIGH Year: 2023

CVSS v3 Score

7.8

High

Weakness Type

CWE-29

View all →

Vulnerability Description

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.

CVE-2024-2914

HIGH

CVSS:7.8(High)

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to o...

CWE-292024

CVE-2023-6021

HIGH

CVSS:7.5(High)

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.any...

CWE-292023

CVE-2023-6130

HIGH

CVSS:7.5(High)

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.

CWE-292023

CVE-2023-6831

HIGH

CVSS:8.1(High)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CWE-292023

CVE-2023-6909

HIGH

CVSS:7.5(High)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

CWE-292023

CVE-2024-1561

HIGH

CVSS:7.5(High)

An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifica...

CWE-292024

CVE-2023-0104

Vulnerability Description

Related Vulnerabilities

CVE-2024-2914

CVE-2023-6021

CVE-2023-6130

CVE-2023-6831

CVE-2023-6909

CVE-2024-1561