spring-integration-zip is vulnerable to arbitrary file write. The library is missing a path check during the unzipping process, allowing a malicious user to pass a file path outside the intended directory, which can then be used to write arbitrary files within a user application. This vulnerability is related to CVE-2018-1261.
CPE

Name | Operator | Version |
---|---|---|
spring integration zip adapter | le | 1.0.1.RELEASE |