Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability

Vulnerability

A directory traversal vulnerability allowing remote code execution has been identified in Allegra versions prior to 8.1.2. This issue arises in the extractFileFromZip method, where user-supplied paths are not properly validated before being used in file operations. As a result, authenticated attackers can exploit this vulnerability to execute arbitrary code within the context of the current process.
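The kind of path validation whose absence is described above, as an added Java example that is not Allegra's code or the 8.1.2 fix. `SafeZipExtract` and `extractEntry` are hypothetical names, the archive is constructed in the code, and the example assumes the user-supplied path is a ZIP entry name written beneath a fixed extraction directory.

```java
import java.io.*;
import java.nio.file.*;
import java.util.zip.*;

public class SafeZipExtract {
    // Hypothetical helper: extract one named entry from a ZIP into baseDir,
    // rejecting any entry name that resolves outside baseDir.
    static Path extractEntry(Path zipFile, String entryName, Path baseDir) throws IOException {
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() returns entryName itself if it is absolute; normalize() collapses "..".
        Path target = base.resolve(entryName).normalize();
        // Path.startsWith compares whole path elements, so a sibling such as
        // "out-evil" does not pass as a child of "out".
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IOException("entry escapes target directory: " + entryName);
        }
        try (ZipFile zip = new ZipFile(zipFile.toFile())) {
            ZipEntry entry = zip.getEntry(entryName);
            if (entry == null || entry.isDirectory()) {
                throw new FileNotFoundException("no such file entry: " + entryName);
            }
            Files.createDirectories(target.getParent());
            try (InputStream in = zip.getInputStream(entry)) {
                Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
            }
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one benign entry, one traversal entry.
        String[] names = {"docs/readme.txt", "../../escaped.txt"};
        Path work = Files.createTempDirectory("zipdemo");
        Path zipPath = work.resolve("sample.zip");
        try (ZipOutputStream out = new ZipOutputStream(Files.newOutputStream(zipPath))) {
            for (String name : names) {
                out.putNextEntry(new ZipEntry(name));
                out.write("constructed sample".getBytes());
                out.closeEntry();
            }
        }
        Path outDir = work.resolve("out");
        for (String name : names) {
            try {
                System.out.println("extracted " + extractEntry(zipPath, name, outDir));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

`normalize()` is purely lexical and does not follow symbolic links, so the extraction directory should not contain links that an untrusted user can create.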

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users are advised to update to Allegra version 8.1.2 or later, where this vulnerability has been addressed.

Added: Jun 6, 2025, 7:22 PM
Updated: Jun 6, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.8
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.