All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.alibaba.oneagent:one-java-agent-plugin(Maven) | 0 | 0.0.2 | N/A |
CVSS Metrics
