Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the AddExtension function in the ExtractZip module. An attacker can write arbitrary files outside the intended directory by submitting a specially crafted VSIX file containing path traversal entries. Details A...

CVE-2026-3067 HummerRisk Archive Extraction CommandUtils.java extractZip path traversal

A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal...

CVE-2026-3067

CVE-2026-3067 affects HummerRisk up to version 1.5.0, targeting the Archive Extraction code path in hummer-common-core: CommandUtils.extractTarGZ and extractZip. The issue enables path traversal via manipulation of extracted archives, and is remotely exploitable. Public disclosure of the exploit ...

PT-2026-21660

A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal...

PT-2022-27340 · Unknown · Bspkrs Mcpmappingviewer

Name of the Vulnerable Software and Affected Versions: bspkrs MCPMappingViewer affected versions not specified Description: A critical issue has been found in the extractZip function of the RemoteZipHandler.java file, part of the ZIP File Handler component. This issue leads to path traversal and...