VYPR

Maven package

com.alibaba.oneagent/one-java-agent-plugin

pkg:maven/com.alibaba.oneagent/one-java-agent-plugin

Vulnerabilities (1)

  • CVE-2022-25842May 1, 2022
    affected < 0.0.2fixed 0.0.2

    All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable file