pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Pf4j |
|
No data.
No data.
References
History
Thu, 26 Mar 2026 14:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Path Traversal Vulnerability in PF4J Zip Extraction | |
| Weaknesses | CWE-22 |
Thu, 26 Mar 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Pf4j Zip Extraction Path Traversal Allowing Zip Slip | |
| Weaknesses | CWE-22 CWE-36 |
Thu, 26 Mar 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Pf4j
Pf4j pf4j |
|
| Vendors & Products |
Pf4j
Pf4j pf4j |
Wed, 25 Mar 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Pf4j Zip Extraction Path Traversal Allowing Zip Slip | |
| Weaknesses | CWE-22 CWE-36 |
Wed, 25 Mar 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2026-03-25T00:00:00.000Z
Updated: 2026-03-25T18:34:46.661Z
Reserved: 2026-01-09T00:00:00.000Z
Link: CVE-2025-70952
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-03-25T19:16:28.260
Modified: 2026-03-25T19:16:28.260
Link: CVE-2025-70952
Redhat
No data.