Description
pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libpf4j-java | unfixed | | | package |
Notes
https://github.com/pf4j/pf4j/issues/618
https://github.com/pf4j/pf4j/issues/623
Fixed by: https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14 (release-3.14.1)
EPSS
Related vulnerabilities
pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.
pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names