Spring Integration Zip VMware Spring Integration Zip

Do you want an email whenever new security vulnerabilities are reported in VMware Spring Integration Zip?

By the Year

In 2024 there have been 0 vulnerabilities in VMware Spring Integration Zip . Spring Integration Zip did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 1 5.30
2020 0 0.00
2019 0 0.00
2018 2 4.70

It may take a day or so for new Spring Integration Zip vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent VMware Spring Integration Zip Security Vulnerabilities

Addresses partial fix in CVE-2018-1263

CVE-2021-22114 5.3 - Medium - March 01, 2021

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

Directory traversal

Addresses partial fix in CVE-2018-1261

CVE-2018-1263 4.7 - Medium - May 15, 2018

Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

Directory traversal

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z)

CVE-2018-1261 4.7 - Medium - May 11, 2018

Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for VMware Spring Integration Zip or by VMware? Click the Watch button to subscribe.

VMware
Vendor

subscribe