Open mend-bolt-for-github[bot] opened 1 year ago
An open source java library to handle zip files
Library home page: http://www.lingala.net/zip4j/
Path to dependency file: /Test_2/fs-agent-master/fs-agent-master/pom.xml
Path to vulnerable library: /2/repository/net/lingala/zip4j/zip4j/1.3.2/zip4j-1.3.2.jar
Dependency Hierarchy: - :x: **zip4j-1.3.2.jar** (Vulnerable Library)
Found in HEAD commit: c1332a92d49314dc4805835947aa0207f1209203
Found in base branch: master
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
Publish Date: 2023-01-10
URL: CVE-2023-22899
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-2pj2-gchf-wmw7
Release Date: 2023-01-10
Fix Resolution: 2.11.3
Step up your Open Source Security Game with Mend here
CVE-2023-22899 - Medium Severity Vulnerability
Vulnerable Library - zip4j-1.3.2.jar
An open source java library to handle zip files
Library home page: http://www.lingala.net/zip4j/
Path to dependency file: /Test_2/fs-agent-master/fs-agent-master/pom.xml
Path to vulnerable library: /2/repository/net/lingala/zip4j/zip4j/1.3.2/zip4j-1.3.2.jar
Dependency Hierarchy: - :x: **zip4j-1.3.2.jar** (Vulnerable Library)
Found in HEAD commit: c1332a92d49314dc4805835947aa0207f1209203
Found in base branch: master
Vulnerability Details
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
Publish Date: 2023-01-10
URL: CVE-2023-22899
CVSS 3 Score Details (5.9)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-2pj2-gchf-wmw7
Release Date: 2023-01-10
Fix Resolution: 2.11.3
Step up your Open Source Security Game with Mend here