plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.2-1+deb9u1build0.16.04.1", "binary_name": "libplexus-archiver-java" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.5-2ubuntu0.1~esm1", "binary_name": "libplexus-archiver-java" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.6.0-2", "binary_name": "libplexus-archiver-java" } ] }