Zip4j Origin Validation Error
Moderate severity
GitHub Reviewed
Published
Jan 10, 2023
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jan 10, 2023
Published to the GitHub Advisory Database
Jan 10, 2023
Reviewed
Jan 13, 2023
Last updated
Jan 27, 2023
Credits
-
0xSSA Analyst
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3.
References