CVE-2024-24569

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...

CVE-2024-24569

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...

CVE-2024-24569 `ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...

CVE-2024-24569

Summary : CVE-2024-24569 concerns the Pixee Java Code Security Toolkit. The vulnerability lies in ZipSecurity#isBelowCurrentDirectory and affects toolkit versions ≤ 1.1.1. Technical details (from provided sources) : The partial-path traversal bypass can be triggered when an application uses the t...

PT-2024-1636 · Unknown · Pixee Java Code Security Toolkit

Name of the Vulnerable Software and Affected Versions: Pixee Java Code Security Toolkit versions =1.1.1 Description: The issue is related to a partial-path traversal bypass vulnerability in the ZipSecurityisBelowCurrentDirectory function. This vulnerability allows attackers to "escape" into sibli...