Open mend-bolt-for-github[bot] opened 2 years ago
An open source java library to handle zip files
Library home page: http://www.lingala.net/zip4j/
Path to dependency file: /Test_2/fs-agent-master/fs-agent-master/pom.xml
Path to vulnerable library: /2/repository/net/lingala/zip4j/zip4j/1.3.2/zip4j-1.3.2.jar
Dependency Hierarchy: - :x: **zip4j-1.3.2.jar** (Vulnerable Library)
Found in base branch: master
zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.
Publish Date: 2022-02-24
URL: CVE-2022-24615
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24615
Release Date: 2022-02-24
Fix Resolution: 2.10.0
Step up your Open Source Security Game with Mend here
CVE-2022-24615 - Medium Severity Vulnerability
Vulnerable Library - zip4j-1.3.2.jar
An open source java library to handle zip files
Library home page: http://www.lingala.net/zip4j/
Path to dependency file: /Test_2/fs-agent-master/fs-agent-master/pom.xml
Path to vulnerable library: /2/repository/net/lingala/zip4j/zip4j/1.3.2/zip4j-1.3.2.jar
Dependency Hierarchy: - :x: **zip4j-1.3.2.jar** (Vulnerable Library)
Found in base branch: master
Vulnerability Details
zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.
Publish Date: 2022-02-24
URL: CVE-2022-24615
CVSS 3 Score Details (5.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24615
Release Date: 2022-02-24
Fix Resolution: 2.10.0
Step up your Open Source Security Game with Mend here