CVE-2018-17297 – cn.hutool:hutool-core
Package
Manager: maven
Name: cn.hutool:hutool-core
Vulnerable Version: >=0 <4.1.12
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00544 (percentile 0.66767)
Details
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal.
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
Metadata
Created: 2018-10-17T19:54:53Z
Modified: 2022-04-27T14:42:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-rhq2-2574-78mc/GHSA-rhq2-2574-78mc.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-rhq2-2574-78mc
Finding: F063
Auto approve: 1