Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Write via Archive Extraction (Zip Slip)
Vulnerability Description
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
Raw Material Software Juce 路径遍历漏洞
Vulnerability Description
Raw Material Software Juce是英国Raw Material Software公司的一个开源的跨平台 C++ 应用程序框架。用于创建高质量的桌面和移动应用程序,包括Vst,Vst3,Au,Auv3,Rtas 和 Aax 音频插件。 Raw Material Software Juce 中存在路径遍历漏洞,该漏洞源于产品juce_ZipFile.cpp文件中的ZipFile::uncompressEntry函数可通过Zip Slip进行任意文件写入。攻击者可通过该漏洞遍历路径。以下产品
CVSS Information
N/A
Vulnerability Type
N/A