CVE-2022-25842
CVE-2022-25842 affects all versions of com.alibaba.oneagent:one-java-agent-plugin. It is vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip): a crafted archive with directory traversal filenames (e.g., ../../evil.exe) can cause sensitive files to be overwritten, enabling remote c...