2 matches found
CVE-2023-39137
Archive v3.3.7 contains a vulnerability that allows attackers to spoof ZIP filenames, resulting in inconsistent filename parsing. The CVE entry CVE-2023-39137 is mapped to this issue; the core detail across connected sources is that the vulnerability arises in Archive v3.3.7 and affects parsing o...
CVE-2023-39139
The CVE-2023-39139 entry concerns Archive v3.3.7, where a crafted zip file can trigger a path traversal during extraction. Affected component: Archive library (version 3.3.7). Root cause: path traversal vulnerability in zip extraction. Impact: as per CVSS, high confidentiality, integrity, and ava...