Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9
CVE-2023-22899
- EPSS 0.16%
- Veröffentlicht 10.01.2023 02:15:09
- Zuletzt bearbeitet 09.04.2025 16:15:23
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
5.5
CVE-2022-24615
- EPSS 0.28%
- Veröffentlicht 24.02.2022 15:15:29
- Zuletzt bearbeitet 21.11.2024 06:50:45
zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.
6.5
CVE-2018-1002202
- EPSS 1.32%
- Veröffentlicht 25.07.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:39
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
1