
[GHSA-q62h-jw38-24vh] Uncaught Exception in zip4j

Open SunBK201 opened this issue 1 year ago • 1 comments

Updates

  • Affected products

Comments

According to Patch, this vulnerability was introduced from 2.0.

SunBK201, Jun 05 '24 14:06

👋 Hi @SunBK201, I'm unable to find any information in the patch that says net.lingala.zip4j:zip4j became vulnerable in version 2.0. In addition, the maintainer of https://github.com/srikanth-lingala/zip4j previously submitted a community contribution (https://github.com/github/advisory-database/pull/187) when a fixed version became available, and the maintainer made no changes to the lower bound of the vulnerable version range. Do you have any other information to support adding 2.0 as the minimum vulnerable version?

shelbyc, Jun 05 '24 16:06