SUSE: CVE-2023-46122: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:N/I:C/A:C) | Oct 23, 2023 | Nov 23, 2023 | Jan 28, 2025 |
Description
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary files. This has the potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in the `pullRemoteCache` task and `Resolvers.remote`; however, many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.
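For build pipelines that unpack zip or JAR files through custom tasks, the entry names can be audited before extraction. The following is an added example, not sbt's code or its 1.9.7 patch; the function names, the destination path and the in-memory archive are constructed for illustration.

```python
import io
import posixpath
import re
import zipfile

DRIVE = re.compile(r"^[A-Za-z]:")  # Windows drive prefix such as C:

def escapes(dest: str, entry_name: str) -> bool:
    """True if entry_name, joined to dest, resolves outside dest."""
    name = entry_name.replace("\\", "/")  # treat backslashes as separators
    if name.startswith("/") or DRIVE.match(name):
        return True  # absolute paths ignore the destination entirely
    root = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(root, name))
    # Compare with a trailing separator so /srv/a does not match /srv/ab.
    return target != root and not target.startswith(root + "/")

def unsafe_entries(archive, dest: str) -> list[str]:
    """List entry names in a zip/JAR that would be written outside dest."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist() if escapes(dest, i.filename)]

def build_sample() -> io.BytesIO:
    """Constructed in-memory archive used only to exercise the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("lib/../classes/A.class", b"")       # stays inside dest
        zf.writestr("../../outside.txt", b"")            # climbs out of dest
        zf.writestr("/abs/outside.txt", b"")             # absolute path
        zf.writestr("cache\\..\\..\\outside.txt", b"")   # backslash separators
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Hypothetical extraction directory; substitute the real one.
    for name in unsafe_entries(build_sample(), "/srv/build/remote-cache"):
        print("would escape extraction dir:", name)
```

An archive for which `unsafe_entries` returns a non-empty list should be rejected as a whole rather than partially extracted.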
Solutions
- suse-upgrade-maven
- suse-upgrade-maven-javadoc
- suse-upgrade-maven-lib
- suse-upgrade-maven-resolver
- suse-upgrade-maven-resolver-api
- suse-upgrade-maven-resolver-connector-basic
- suse-upgrade-maven-resolver-impl
- suse-upgrade-maven-resolver-javadoc
- suse-upgrade-maven-resolver-named-locks
- suse-upgrade-maven-resolver-spi
- suse-upgrade-maven-resolver-test-util
- suse-upgrade-maven-resolver-transport-classpath
- suse-upgrade-maven-resolver-transport-file
- suse-upgrade-maven-resolver-transport-http
- suse-upgrade-maven-resolver-transport-wagon
- suse-upgrade-maven-resolver-util
- suse-upgrade-sbt
- suse-upgrade-sbt-bootstrap
- suse-upgrade-xmvn
- suse-upgrade-xmvn-api
- suse-upgrade-xmvn-connector
- suse-upgrade-xmvn-connector-javadoc
- suse-upgrade-xmvn-core
- suse-upgrade-xmvn-install
- suse-upgrade-xmvn-minimal
- suse-upgrade-xmvn-mojo
- suse-upgrade-xmvn-mojo-javadoc
- suse-upgrade-xmvn-parent
- suse-upgrade-xmvn-resolve
- suse-upgrade-xmvn-subst
- suse-upgrade-xmvn-tools-javadoc