High severity7.5NVD Advisory· Published Sep 21, 2018· Updated Jun 17, 2026
CVE-2018-17297
CVE-2018-17297
Description
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cn.hutool:hutool-parentMaven | < 4.1.12 | 4.1.12 |
cn.hutool:hutool-allMaven | < 4.1.12 | 4.1.12 |
cn.hutool:hutool-coreMaven | < 4.1.12 | 4.1.12 |
Affected products
3- ghsa-coords3 versions
< 4.1.12+ 2 more
- (no CPE)range: < 4.1.12
- (no CPE)range: < 4.1.12
- (no CPE)range: < 4.1.12
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-rhq2-2574-78mcghsaADVISORY
- github.com/looly/hutool/issues/162nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-17297ghsaADVISORY
News mentions
0No linked articles in our index yet.