spring-integration-zip is vulnerable to arbitrary file write attacks. The vulnerability exists due to the lack of sanitization of the filename, allowing path-traversal filenames to exist and write to arbitrary file locations during the unzipping process.
CPE | Name | Operator | Version |
---|---|---|---|
spring integration zip adapter | eq | 1.0.0.RELEASE |