4 matches found
ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +2280 more potentially affected by CVE-2023-42278 via cn.hutool:hutool-core (>=4.0.0 <=5.8.21)
cn.hutool:hutool-core MAVEN version =4.0.0, =1.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =j8.2.2.0, =1.0.2, =1.0.4 and more Source cves: CVE-2023-42278 Source advisory: OSV:GHSA-RR66-QH5M-W6MX...
ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +2280 more potentially affected by CVE-2023-42276 via cn.hutool:hutool-core (>=4.0.0 <=5.8.21)
cn.hutool:hutool-core MAVEN version =4.0.0, =1.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =j8.2.2.0, =1.0.2, =1.0.4 and more Source cves: CVE-2023-42276 Source advisory: OSV:GHSA-RXGF-R843-G53H...
ai.foxpay.api:foxpay-sdk (>=1.0 <=1.1), ai.genauth:genauth-java-sdk (=3.1.11) +2048 more potentially affected by CVE-2023-33695 via cn.hutool:hutool-core (>=4.0.0 <=5.8.18)
cn.hutool:hutool-core MAVEN version =4.0.0, =1.0, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =j8.2.2.0, =j8.2.2.0, =1.0.2, =1.0.4 and more Source cves: CVE-2023-33695 Source advisory: OSV:GHSA-7MCW-XMX3-7P8M...
Directory Traversal
hutool-core is vulnerable to directory traversal. There is a lack of validation in the filenme when a ZIP archive is unzipped, which would allow remote attackers to overwrite arbitrary files using the ../ characters in a filename within the ZIP archive...