spring-integration-zip is vulnerable to arbitrary file rewrite, also known as a zip slip vulnerability. An incomplete fix of CVE-2018-1263 allows an attacker to send a malicious zip archive (bzip2, tar, xz, war, cpio, 7z) containing path traversal filenames, which results in files being written outside of the target directory.
CPE

Name | Operator | Version |
---|---|---|
spring integration zip adapter | le | 1.0.3.RELEASE |
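
The containment check that defeats the path traversal filenames described above, as an added example that is not code from spring-integration-zip or its patch. It uses the JDK's `java.util.zip`; the class name `SafeUnzip`, the methods `resolveInside` and `extract`, and the path `/srv/unzip-out` are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

public class SafeUnzip {  // hypothetical class, not part of the library

    // Resolve an entry name against the target directory and reject any
    // result that lands outside it (relative "../" names or absolute names).
    static Path resolveInside(Path targetDir, String entryName) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        Path resolved = base.resolve(entryName).normalize();
        // Path.startsWith compares whole path elements, so a sibling such as
        // "/srv/unzip-out-evil" is not accepted as being inside "/srv/unzip-out",
        // which a plain String prefix comparison would accept.
        if (!resolved.startsWith(base)) {
            throw new IOException("Entry escapes target directory: " + entryName);
        }
        return resolved;
    }

    static void extract(InputStream in, Path targetDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                Path out = resolveInside(targetDir, entry.getName());
                if (entry.isDirectory()) {
                    Files.createDirectories(out);
                } else {
                    Files.createDirectories(out.getParent());
                    Files.copy(zis, out); // no REPLACE_EXISTING: existing files are never rewritten
                }
            }
        }
    }

    public static void main(String[] args) {
        Path target = Paths.get("/srv/unzip-out"); // constructed sample path
        // Constructed entry names: one benign, three that must be rejected.
        String[] names = {"docs/readme.txt", "../unzip-out-evil/x", "../../etc/passwd", "a/../../b"};
        for (String n : names) {
            try {
                System.out.println("ok      " + resolveInside(target, n));
            } catch (IOException e) {
                System.out.println("blocked " + n);
            }
        }
    }
}
```

The check is lexical only: it does not follow symbolic links that already exist under the target directory, so extraction into a directory other users can write to needs additional handling.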