CVE-2018-1002202

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:zip4j_project:zip4j:*:*:*:*:*:*:*:*

Information

Published : 2018-07-25 10:29

Updated : 2019-10-09 16:32


NVD link : CVE-2018-1002202

Mitre link : CVE-2018-1002202


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

zip4j_project

  • zip4j