[GHSA-rhq2-2574-78mc] Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
Updates
- References
Comments
Add a patch https://github.com/looly/hutool/commit/8d7d0b7fb5ea4f7447b40131bffc1ec506a6528e, of which the commit message claims "fix slip bug"
Add a patch https://github.com/looly/hutool/commit/fed1a1f747a9308e2f65f8dbbff05ce62478ecc0, of which the commit message claims "fix zip bug"
Add a patch https://github.com/looly/hutool/commit/9f8a801c7b98b75ee681c0988e1a58bcfdc21756, of which the commit message claims "fix path problem"
Hi @MarkLee131, the commits listed seem to be tagged for a different version than the fix version 4.1.12. Are you sure these are correct?
👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.