5 matches found
ai.grakn:grakn-test (>=0.13.0 <=0.15.0), ai.grakn:test-integration (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +803 more potentially affected by CVE-2018-1002202 via net.lingala.zip4j:zip4j (>=1.2.3 <=1.3.2)
net.lingala.zip4j:zip4j MAVEN version =1.2.3, =0.13.0, =1.5.0, =1.0.0, =1.0.1, =1.0.4, =2.5.7, =1.1.13, =1.0.7, =1.1.4, =2.1.0, =1.0.0, =3.0.2, =1.0.3, =3.3.0, =3.3.9 and more Source cves: CVE-2018-1002202 Source advisory: OSV:GHSA-2RPM-4X8C-PVQG...
CVE-2018-1002202
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002202
CVE-2018-1002202 concerns the zip4j Java library prior to 1.3.3, vulnerable to a directory traversal (Zip-Slip) when extracting a crafted Zip entry containing "..". This can allow writing to arbitrary files on the target system. Reported impact per sources indicates potential integrity impact (hi...
CVE-2018-1002202
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
ai.grakn:grakn-test (>=0.13.0 <=0.15.0), ai.grakn:test-integration (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +803 more potentially affected by CVE-2018-1002202 via net.lingala.zip4j:zip4j (>=1.2.3 <=1.3.2)
net.lingala.zip4j:zip4j MAVEN version =1.2.3, =0.13.0, =1.5.0, =1.0.0, =1.0.1, =1.0.4, =2.5.7, =1.1.13, =1.0.7, =1.1.4, =2.1.0, =1.0.0, =3.0.2, =1.0.3, =3.3.0, =3.3.9 and more Source cves: CVE-2018-1002202 Source advisory: SNYK:JAVA-NETLINGALAZIP4J-31679...