Description

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.

Remediation

References

https://github.com/looly/hutool/issues/162

Related Vulnerabilities

CVE-2019-0195 Vulnerability in maven package org.apache.tapestry:tapestry-core

CVE-2022-2079 Vulnerability in npm package nocodb

CVE-2022-31110 Vulnerability in npm package rsshub

CVE-2020-5428 Vulnerability in maven package org.springframework.cloud:spring-cloud-task-core

CVE-2016-10570 Vulnerability in npm package pngcrush-installer

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory