Description
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
Remediation
References
https://github.com/looly/hutool/issues/162
Related Vulnerabilities
CVE-2019-0195 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2022-2079 Vulnerability in npm package nocodb
CVE-2022-31110 Vulnerability in npm package rsshub
CVE-2020-5428 Vulnerability in maven package org.springframework.cloud:spring-cloud-task-core
CVE-2016-10570 Vulnerability in npm package pngcrush-installer