Path traversal

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

CVE-2018-1261

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

CVE-2018-1261

The CVE-2018-1261 entry concerns spring-integration-zip. Affected component: spring-integration-zip prior to version 1.0.1. Vulnerability: arbitrary file write via path traversal in zip archives (including nested formats like zip, tar, 7z, etc.) when a crafted filename is concatenated to the targ...

Arbitrary File Write

spring-integration-zip is vulnerable to arbitrary file write attacks. The vulnerability exists due to the lack of sanitization of the filename, allowing path-traversal filenames to exist and write to arbitrary file locations during the unzipping process...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview org.springframework.integration:spring-integration-zip provides Zip un- compression support. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal...