advisory-database [GHSA-rhq2-2574-78mc] Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal

[GHSA-rhq2-2574-78mc] Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal

Open MarkLee131 opened this issue 1 year ago • 1 comments

Updates

References

Comments Add a patch https://github.com/looly/hutool/commit/8d7d0b7fb5ea4f7447b40131bffc1ec506a6528e, of which the commit message claims fix slip bug

Add a patch https://github.com/looly/hutool/commit/fed1a1f747a9308e2f65f8dbbff05ce62478ecc0, of which the commit message claims fix zip bug

Add a patch https://github.com/looly/hutool/commit/9f8a801c7b98b75ee681c0988e1a58bcfdc21756, of which the commit message claims fix path problem

Mar 03 '24 17:03 MarkLee131

advisory-database advisory-database copied to clipboard

[GHSA-rhq2-2574-78mc] Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal

advisory-database
advisory-database copied to clipboard