250 matches found
GHSA-RHQ2-2574-78MC Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
cn.bjdd301:core-mvc (=1.0.0), cn.pa4j:act-nutzdao (=1.0) +67 more potentially affected by CVE-2018-17297 via cn.hutool:hutool-all (>=4.0.1 <=4.1.1)
cn.hutool:hutool-all MAVEN version =4.0.1, =1.0.0, =0.0.1, =0.5, =1.0.0, =1.1.0 and more Source cves: CVE-2018-17297 Source advisory: OSV:GHSA-RHQ2-2574-78MC...
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
Directory Traversal
hutool-core is vulnerable to directory traversal. There is a lack of validation in the filenme when a ZIP archive is unzipped, which would allow remote attackers to overwrite arbitrary files using the ../ characters in a filename within the ZIP archive...
CVE-2018-17297
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
CVE-2018-17297
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
CVE-2018-17297
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...
CVE-2018-17297
The vulnerability CVE-2018-17297 affects Hutool’s ZipUtil unzip implementation prior to 4.1.12, where directory traversal in a ZIP entry filename can overwrite arbitrary files. This is triggered during extraction of ZIP archives and has potential to impact file integrity on the host system. Affec...