CVE-2018-20250 - Vulnerability Details - OpenCVE

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since Feb. 15, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Rarlab	Winrar

Configuration 1 [-]

cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html
http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace
http://www.securityfocus.com/bid/106948
https://github.com/blau72/CVE-2018-20250-WinRAR-ACE
https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://www.exploit-db.com/exploits/46552/
https://www.exploit-db.com/exploits/46756/
https://www.win-rar.com/whatsnew.html

History

Fri, 07 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-02-15'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: checkpoint

Published: 2019-02-05T20:00:00.000Z

Updated: 2025-02-07T13:40:40.468Z

Reserved: 2018-12-19T00:00:00.000Z

Link: CVE-2018-20250

Vulnrichment

Updated: 2024-08-05T11:58:19.126Z

NVD

Status : Modified

Published: 2019-02-05T20:29:00.243

Modified: 2025-02-07T14:15:44.357

Link: CVE-2018-20250

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WinRAR", "vendor": "Check Point Software Technologies Ltd.", "versions": [{"status": "affected", "version": "All versions prior and including 5.61"}]}], "datePublic": "2019-02-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-36", "description": "CWE-36: Absolute Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-25T18:06:08.000Z", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"tags": ["x_refsource_MISC"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"name": "106948", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106948"}, {"tags": ["x_refsource_MISC"], "url": "https://www.win-rar.com/whatsnew.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46756/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@checkpoint.com", "DATE_PUBLIC": "2019-02-05T00:00:00", "ID": "CVE-2018-20250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WinRAR", "version": {"version_data": [{"version_value": "All versions prior and including 5.61"}]}}]}, "vendor_name": "Check Point Software Technologies Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-36: Absolute Path Traversal"}]}]}, "references": {"reference_data": [{"name": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "refsource": "MISC", "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "refsource": "MISC", "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"name": "46552", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46552/"}, {"name": "106948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106948"}, {"name": "https://www.win-rar.com/whatsnew.html", "refsource": "MISC", "url": "https://www.win-rar.com/whatsnew.html"}, {"name": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"name": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"name": "46756", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46756/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:58:19.126Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"name": "106948", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106948"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.win-rar.com/whatsnew.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46756/"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T13:40:28.345239Z", "id": "CVE-2018-20250", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-02-15", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-20250"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:40:40.468Z"}}]}, "cveMetadata": {"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2018-20250", "datePublished": "2019-02-05T20:00:00.000Z", "dateReserved": "2018-12-19T00:00:00.000Z", "dateUpdated": "2025-02-07T13:40:40.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/46552/", "name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/106948", "name": "106948", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://www.win-rar.com/whatsnew.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/46756/", "name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:58:19.126Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-20250", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:40:28.345239Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-02-15", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-20250"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:40:03.795Z"}}], "cna": {"affected": [{"vendor": "Check Point Software Technologies Ltd.", "product": "WinRAR", "versions": [{"status": "affected", "version": "All versions prior and including 5.61"}]}], "datePublic": "2019-02-05T00:00:00.000Z", "references": [{"url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "tags": ["x_refsource_MISC"]}, {"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "tags": ["x_refsource_MISC"]}, {"url": "https://www.exploit-db.com/exploits/46552/", "name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://www.securityfocus.com/bid/106948", "name": "106948", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://www.win-rar.com/whatsnew.html", "tags": ["x_refsource_MISC"]}, {"url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "tags": ["x_refsource_MISC"]}, {"url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "tags": ["x_refsource_MISC"]}, {"url": "https://www.exploit-db.com/exploits/46756/", "name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}], "descriptions": [{"lang": "en", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36: Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2019-04-25T18:06:08.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "All versions prior and including 5.61"}]}, "product_name": "WinRAR"}]}, "vendor_name": "Check Point Software Technologies Ltd."}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "name": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "refsource": "MISC"}, {"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "refsource": "MISC"}, {"url": "https://www.exploit-db.com/exploits/46552/", "name": "46552", "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/106948", "name": "106948", "refsource": "BID"}, {"url": "https://www.win-rar.com/whatsnew.html", "name": "https://www.win-rar.com/whatsnew.html", "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "refsource": "MISC"}, {"url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "name": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "refsource": "MISC"}, {"url": "https://www.exploit-db.com/exploits/46756/", "name": "46756", "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-36: Absolute Path Traversal"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-20250", "STATE": "PUBLIC", "ASSIGNER": "cve@checkpoint.com", "DATE_PUBLIC": "2019-02-05T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2018-20250", "state": "PUBLISHED", "dateUpdated": "2025-02-07T13:40:40.468Z", "dateReserved": "2018-12-19T00:00:00.000Z", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "datePublished": "2019-02-05T20:00:00.000Z", "assignerShortName": "checkpoint"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-08-15", "cisaExploitAdd": "2022-02-15", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "WinRAR Absolute Path Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EA0C7CE-99E6-4C92-AE89-6C6A8DF92126", "versionEndIncluding": "5.61", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}, {"lang": "es", "value": "En WinRAR, en versiones anteriores a la 5.61, hay una vulnerabilidad de salto de directorio al manipular el campo \"filename\" del formato ACE (en UNACEV2.dll). Cuando este campo se manipula con patrones espec\u00edficos, la carpeta de destino (extracci\u00f3n) se ignora, tratando el nombre de archivo como ruta absoluta."}], "id": "CVE-2018-20250", "lastModified": "2025-02-07T14:15:44.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-02-05T20:29:00.243", "references": [{"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"source": "cve@checkpoint.com", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"source": "cve@checkpoint.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106948"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Press/Media Coverage", "Third Party Advisory"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46756/"}, {"source": "cve@checkpoint.com", "tags": ["Release Notes"], "url": "https://www.win-rar.com/whatsnew.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Press/Media Coverage", "Third Party Advisory"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46756/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.win-rar.com/whatsnew.html"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "cve@checkpoint.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}