VYPR
Moderate severityNVD Advisory· Published Jan 10, 2023· Updated Apr 9, 2025

CVE-2023-22899

CVE-2023-22899

Description

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
net.lingala.zip4j:zip4jMaven
< 2.11.32.11.3

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.