CVE-2022-4878
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-4878
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4878.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-4878
- Published
- 2023-01-06T10:15:10Z
- Modified
- 2025-03-26T01:49:50.615497Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b42519f309d8164e8811392770ce604cdabb5da. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217548.
- References
Affected packages
Git / github.com/jatos/jatos
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jatos/jatos
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
g3.*
g3.5.4
j3.*
j3.3.5
n3.*
n3.3.5
v1.*
v1.0alpha
v1.1.1-alpha
v1.1.10-beta
v1.1.11-beta
v1.1.2-alpha
v1.1.3-beta
v1.1.4-beta
v1.1.5-beta
v1.1.6-beta
v1.1.7-beta
v1.1.8-beta
v1.1.9-beta
v1.1alpha
v2.*
v2.1.1-alpha
v2.1.10-beta
v2.1.11-beta
v2.1.12-beta
v2.1.2-alpha
v2.1.3-alpha
v2.1.4-alpha
v2.1.5-beta
v2.1.6-beta
v2.1.7-beta
v2.1.8-beta
v2.1.9-beta
v2.2.1-beta
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v3.*
v3.1.1-beta
v3.1.10
v3.1.11
v3.1.12
v3.1.2-beta
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.1
v3.2.2
v3.2.3
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.4.1
v3.4.2
v3.5.1
v3.5.10
v3.5.11
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.6-alpha
v3.5.7
v3.5.8
v3.5.9
v3.5.9-beta
v3.6.1
v3.7.1
v3.7.1-alpha
v3.7.2
v3.7.3
v3.7.3-alpha
v3.7.4
v3.7.4-alpha