CVE-2018-1002207

Name: CVE-2018-1002207
Creator: NVD / NIST
Published: 2018-07-25T17:29:02.047+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.53%

Last modified Jun 17, 2026

CVE-2018-1002207 is a vulnerability of currently unknown severity. mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.. EPSS estimates a 2.53% chance of exploitation in the next 30 days.

Description

mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Metrics

EPSS Probability

2.53%

82.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Archiver Project	Archiver	<= 2.0

References

https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3Issue Tracking, Patch, Third Party Advisory
https://github.com/mholt/archiver/pull/65Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/snyk/zip-slip-vulnerabilityExploit, Third Party Advisory
https://snyk.io/research/zip-slip-vulnerabilityExploit, Third Party Advisory
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071Exploit, Third Party Advisory
https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3Issue Tracking, Patch, Third Party Advisory
https://github.com/mholt/archiver/pull/65Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/snyk/zip-slip-vulnerabilityExploit, Third Party Advisory
https://snyk.io/research/zip-slip-vulnerabilityExploit, Third Party Advisory
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071Exploit, Third Party Advisory

Timeline

Published: Jul 25, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1002207?

How severe is CVE-2018-1002207?

Severity scoring for CVE-2018-1002207 is pending analysis. The EPSS model estimates a 2.53% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1002207?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1002207?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST