Skip to main content

Zip4J

3 CVEs product

Monthly

CVE-2023-22899 Maven MEDIUM POC PATCH This Month

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Zip4J
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-24615 Maven MEDIUM PATCH This Month

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zip4J
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2018-1002202 Maven MEDIUM POC PATCH THREAT This Month

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zip4J
NVD GitHub
CVSS 3.0
6.5
EPSS
13.1%
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Zip4J
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zip4J
NVD GitHub
EPSS 13% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zip4J
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy