VYPR

Maven package

org.springframework.integration/spring-integration-zip

pkg:maven/org.springframework.integration/spring-integration-zip

Vulnerabilities (3)

  • CVE-2021-22114MedMar 1, 2021
    affected < 1.0.4fixed 1.0.4

    Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path trav

  • CVE-2018-1263MedMay 15, 2018
    affected < 1.0.2fixed 1.0.2

    Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds p

  • CVE-2018-1261MedMay 11, 2018
    affected < 1.0.1fixed 1.0.1

    Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets