Description
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
Remediation
References
https://github.com/looly/hutool/issues/162
Related Vulnerabilities
CVE-2020-13619 Vulnerability in npm package locutus
CVE-2018-11041 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2023-3990 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2020-2239 Vulnerability in maven package org.jenkins-ci.plugins:parameterized-remote-trigger