Description
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
Remediation
Upgrade Hutool to version 4.1.12 or later.
References
https://github.com/looly/hutool/issues/162