Closed Udbhav12 closed 1 year ago
Describe the bug As per https://github.com/mockingbot/react-native-zip-archive/blob/v6.0.8/android/build.gradle#L40, react-native-zip-archive is currently using version 2.6.4 of zip4j. There is a security issue which has been patched in version 2.10.0 of zip4j. Refer to the link below for more details: https://github.com/advisories/GHSA-q62h-jw38-24vh
To Reproduce NA
Expected behavior No security vulnerability
Env (please complete the following information): Package Version: - 6.0.8
Additional context Below is the CVE ID https://nvd.nist.gov/vuln/detail/CVE-2022-24615
Thanks for notifying the issue, I would upgrade it in the next release.
You can try 6.0.9-beta.0 to test your needs. Any feedback is appreciated.
Just published the fix in 6.0.9.
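A check for the condition this issue reports, as an added example that is not part of the original thread or the project's code: it scans Gradle build text for a zip4j dependency and compares the declared version numerically against the patched 2.10.0 named in the issue. The Maven coordinates `net.lingala.zip4j:zip4j`, the function names and the sample build file are assumptions constructed for illustration.

```python
import re

# Assumption: zip4j's Maven coordinates. The patched version is the one named in the issue.
PATCHED = (2, 10, 0)

# String notation: implementation 'net.lingala.zip4j:zip4j:2.6.4'
STRING_DEP = re.compile(r"""['"]net\.lingala\.zip4j:zip4j:([^'"\s@]+)['"]""")
# Map notation: group: 'net.lingala.zip4j', name: 'zip4j', version: '2.6.4'
MAP_DEP = re.compile(
    r"""group:\s*['"]net\.lingala\.zip4j['"]\s*,\s*name:\s*['"]zip4j['"]"""
    r"""\s*,\s*version:\s*['"]([^'"]+)['"]""")

def parse_version(text):
    """Return a numeric tuple, or None for dynamic versions ('2.+', '$var', '2.10.0-rc1')."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad '2.10' to (2, 10, 0)

def audit_gradle(source):
    """Return (line number, declared version, status) for each zip4j declaration."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # skip commented-out declarations
        for m in list(STRING_DEP.finditer(code)) + list(MAP_DEP.finditer(code)):
            version = parse_version(m.group(1))
            if version is None:
                status = "unresolved"  # needs manual review of the resolved version
            else:
                # Tuple comparison is numeric: (2, 6, 4) < (2, 10, 0).
                # Comparing the raw strings would rank "2.6.4" above "2.10.0".
                status = "vulnerable" if version < PATCHED else "ok"
            findings.append((lineno, m.group(1), status))
    return findings

# Constructed sample build file, not copied from the project.
SAMPLE = """
dependencies {
    implementation "com.facebook.react:react-native:+"
    implementation 'net.lingala.zip4j:zip4j:2.6.4'
    // implementation 'net.lingala.zip4j:zip4j:1.3.3'
    testImplementation group: 'net.lingala.zip4j', name: 'zip4j', version: '2.10.0'
    implementation "net.lingala.zip4j:zip4j:$zip4jVersion"
}
"""

if __name__ == "__main__":
    for finding in audit_gradle(SAMPLE):
        print(finding)
```

A declaration reported as `unresolved` only means the version is not a literal in that file; the resolved version still has to be checked in the dependency tree.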