Vmware Spring Integration Zip vulnerabilities
3 known vulnerabilities affecting vmware/spring_integration_zip.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-22114MEDIUMCVSS 5.3fixed in 1.0.42021-03-01
CVE-2021-22114 [MEDIUM] CVE-2021-22114: Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction
nvd
CVE-2018-1263MEDIUMCVSS 4.7fixed in 1.0.22018-05-15
CVE-2018-1263 [MEDIUM] CWE-22 CVE-2018-1263: Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exp
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the tar
nvd
CVE-2018-1261MEDIUMCVSS 4.7fixed in 1.0.12018-05-11
CVE-2018-1261 [MEDIUM] CWE-22 CVE-2018-1261: Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up ou
nvd