Path traversal

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

CVE-2018-1261

The CVE-2018-1261 entry concerns spring-integration-zip. Affected component: spring-integration-zip prior to version 1.0.1. Vulnerability: arbitrary file write via path traversal in zip archives (including nested formats like zip, tar, 7z, etc.) when a crafted filename is concatenated to the targ...

CVE-2018-1261

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the filename gets concatenated to th...

Arbitrary File Write

spring-integration-zip is vulnerable to arbitrary file write attacks. The vulnerability exists due to the lack of sanitization of the filename, allowing path-traversal filenames to exist and write to arbitrary file locations during the unzipping process...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview org.springframework.integration:spring-integration-zip provides Zip un- compression support. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal...