CVE-2026-41245
- EPSS 0.32%
- Veröffentlicht 20.04.2026 15:15:24
- Zuletzt bearbeitet 23.04.2026 13:35:45
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted ...
CVE-2026-28208
- EPSS 12.04%
- Veröffentlicht 26.02.2026 22:20:03
- Zuletzt bearbeitet 02.03.2026 21:16:27
Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when...
CVE-2022-23596
- EPSS 1.63%
- Veröffentlicht 01.02.2022 12:15:08
- Zuletzt bearbeitet 05.05.2025 17:17:57
Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files c...
CVE-2018-12418
- EPSS 1.19%
- Veröffentlicht 14.06.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:11
Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.