VMware Spring Integration Zip
By the Year
In 2024 there have been 0 vulnerabilities in VMware Spring Integration Zip . Spring Integration Zip did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 1 | 5.30 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 2 | 4.70 |
It may take a day or so for new Spring Integration Zip vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Spring Integration Zip Security Vulnerabilities
Addresses partial fix in CVE-2018-1263
CVE-2021-22114
5.3 - Medium
- March 01, 2021
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Directory traversal
Addresses partial fix in CVE-2018-1261
CVE-2018-1263
4.7 - Medium
- May 15, 2018
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Directory traversal
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z)
CVE-2018-1261
4.7 - Medium
- May 11, 2018
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Spring Integration Zip or by VMware? Click the Watch button to subscribe.