CVE-2018-1263: spring-integration-zip Arbitrary File Write
CVSS Score: 4.7 (CVSS 3.1)
Basic Information
CVE ID: CVE-2018-1263
GHSA ID
EPSS Score: 0.80646%
CWE
Published: 5/13/2022
Updated: 4/12/2024
KEV Status: No
Technology: Java
Technical Details
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.springframework.integration:spring-integration-zip | maven | < 1.0.2 | 1.0.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from insufficient path traversal checks when zip entries are processed as byte arrays (ZipResultType.BYTE_ARRAY). The pre-patch code validated entry paths only for the FILE output type and omitted the validation for BYTE_ARRAY processing, so an archive entry whose name contained traversal segments (for example `../`) was accepted in that mode. Commit d10f537 fixed this by calling checkPath() in both cases. The UnZipTransformer's process method handles the archive entries directly, which makes it the vulnerable function. The test case added in UnZip2FileTests.java covers this scenario by verifying that entries with traversal paths cause an exception to be thrown.
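The following is an added, self-contained illustration of the defensive pattern the fix describes: one path check applied to every archive entry regardless of whether the entry is written to disk or returned in memory. It is not code from spring-integration-zip; the `ResultType` enum, the `checkPath` and `unzip` signatures, and the in-memory archive are assumptions constructed for this example, and the sample entries (a benign `docs/readme.txt` and a traversal entry `../../outside.txt`) are constructed inputs.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class ZipSlipCheckDemo {

    // Hypothetical stand-in for the transformer's output mode (not the project's enum).
    enum ResultType { FILE, BYTE_ARRAY }

    // Reject any entry whose normalized path would land outside workDir.
    // The check is applied to every entry, in both output modes, which is
    // the property the pre-patch code lacked for BYTE_ARRAY.
    static Path checkPath(Path workDir, String entryName) throws IOException {
        Path base = workDir.toAbsolutePath().normalize();
        Path target = base.resolve(entryName).normalize();
        if (!target.startsWith(base)) {
            throw new IOException("zip entry escapes target directory: " + entryName);
        }
        return target;
    }

    // Unpack an archive given as bytes. In BYTE_ARRAY mode the map holds
    // entry name -> byte[]; in FILE mode it holds entry name -> path written.
    static Map<String, Object> unzip(byte[] zip, Path workDir, ResultType mode) throws IOException {
        Map<String, Object> result = new LinkedHashMap<>();
        try (ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(zip))) {
            ZipEntry entry;
            while ((entry = in.getNextEntry()) != null) {
                if (entry.isDirectory()) {
                    continue;
                }
                Path dest = checkPath(workDir, entry.getName()); // validated in BOTH modes
                byte[] data = in.readAllBytes();                // reads to the end of this entry
                if (mode == ResultType.FILE) {
                    Files.createDirectories(dest.getParent());
                    Files.write(dest, data);
                    result.put(entry.getName(), dest.toString());
                } else {
                    result.put(entry.getName(), data);
                }
            }
        }
        return result;
    }

    // Build a small archive in memory; constructed sample input, not a real artifact.
    static byte[] buildZip(Map<String, String> entries) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(bos)) {
            for (Map.Entry<String, String> e : entries.entrySet()) {
                out.putNextEntry(new ZipEntry(e.getKey()));
                out.write(e.getValue().getBytes(StandardCharsets.UTF_8));
                out.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path workDir = Files.createTempDirectory("unzip-demo");

        Map<String, String> benign = new LinkedHashMap<>();
        benign.put("docs/readme.txt", "hello");
        System.out.println("benign entries accepted: "
                + unzip(buildZip(benign), workDir, ResultType.BYTE_ARRAY).keySet());

        Map<String, String> traversal = new LinkedHashMap<>();
        traversal.put("../../outside.txt", "escaped");
        for (ResultType mode : ResultType.values()) {
            try {
                unzip(buildZip(traversal), workDir, mode);
                System.out.println(mode + ": NOT rejected (check missing)");
            } catch (IOException ex) {
                System.out.println(mode + ": rejected -> " + ex.getMessage());
            }
        }
    }
}
```

Running the class prints the benign entry as accepted and the traversal entry as rejected in both FILE and BYTE_ARRAY mode. The check resolves the entry name against the target directory and normalizes the result before comparing prefixes, so `../` segments and absolute entry names are both caught; a fix that only validates in the FILE branch would leave the BYTE_ARRAY branch printing "NOT rejected", which is the gap the patch closed.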