Open mend-bolt-for-github[bot] opened 2 years ago
Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/zip4j
Path to dependency file: /pom.xml
Path to vulnerable library: /canner/.m2/repository/net/lingala/zip4j/zip4j/1.3.3/zip4j-1.3.3.jar
Dependency Hierarchy: - :x: **zip4j-1.3.3.jar** (Vulnerable Library)
Found in HEAD commit: 34ce0f6524391068ef5b880f65575eb3eb499124
Found in base branch: master
zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.
Publish Date: 2022-02-24
URL: CVE-2022-24615
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24615
Release Date: 2022-02-24
Fix Resolution: 2.10.0
Step up your Open Source Security Game with Mend here
CVE-2022-24615 - Medium Severity Vulnerability
Sonatype helps open source projects to set up Maven repositories on https://oss.sonatype.org/
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/zip4j
Path to dependency file: /pom.xml
Path to vulnerable library: /canner/.m2/repository/net/lingala/zip4j/zip4j/1.3.3/zip4j-1.3.3.jar
Dependency Hierarchy: - :x: **zip4j-1.3.3.jar** (Vulnerable Library)
Found in HEAD commit: 34ce0f6524391068ef5b880f65575eb3eb499124
Found in base branch: master
zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.
Publish Date: 2022-02-24
URL: CVE-2022-24615
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24615
Release Date: 2022-02-24
Fix Resolution: 2.10.0
Step up your Open Source Security Game with Mend here