Amazon Linux 2 : plexus-archiver (ALAS-2018-1043)
Medium Nessus Plugin ID 110782
SynopsisThe remote Amazon Linux 2 host is missing a security update.
DescriptionA path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vulnerable configurations.(CVE-2018-1002200)
SolutionRun 'yum update plexus-archiver' to update your system.