Related vulnerability
Description
CWE-Bench-Java CVE-2018-1002202 versions 1.3.2, 1.3.3
Introduction
# zip4j
This repository contains decompiled source code for the zip4j library versions 1.3.2 (vulnerable) and 1.3.3 (fixed) for CVE-2018-1002202, for the CWE-Bench-Java dataset. The original zip4j repository on GitHub doesn't include code from these versions.
## Versions
### Version 1.3.2 (Vulnerable)
- **Tag**: `1.3.2`
- **Status**: Contains path traversal vulnerability
- **Source**: Decompiled from `zip4j-1.3.2-sources.jar`
- **Buggy Commit**: `d87ffa2d64ffb3a0a1cf0c7a69c7b19d7015bfde`
- [1.3.2 sources jar download page](https://repo1.maven.org/maven2/net/lingala/zip4j/zip4j/1.3.2/)
### Version 1.3.3 (Fixed)
- **Tag**: `1.3.3`
- **Status**: Vulnerability patched
- **Source**: Decompiled from `zip4j-1.3.3-sources.jar`
- **Fixed Commit**: `59aeea594ff885e06c25751dc6334dfea1bed8c6`
- [1.3.3 sources jar download page](https://repo1.maven.org/maven2/net/lingala/zip4j/1.3.3/)
## Original Project
- Original Author: Srikanth Lingala
- [Original Repository](https://github.com/srikanth-lingala/zip4j)
File snapshot
[4.0K] /data/pocs/b373321f7f8772e5d3dbc848ddf80d84d19c8ecd
├── [1.0K] LICENSE
├── [2.0K] pom.xml
├── [1.0K] README.md
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] java
            ├── [4.0K] META-INF
            │   └── [ 125] MANIFEST.MF
            └── [4.0K] net
                └── [4.0K] lingala
                    └── [4.0K] zip4j
                        ├── [4.0K] core
                        │   ├── [ 38K] HeaderReader.java
                        │   ├── [ 36K] HeaderWriter.java
                        │   └── [ 35K] ZipFile.java
                        ├── [4.0K] crypto
                        │   ├── [7.2K] AESDecrypter.java
                        │   ├── [6.3K] AESEncrpyter.java
                        │   ├── [4.0K] engine
                        │   │   ├── [ 14K] AESEngine.java
                        │   │   └── [1.9K] ZipCryptoEngine.java
                        │   ├── [ 889] IDecrypter.java
                        │   ├── [ 889] IEncrypter.java
                        │   ├── [4.0K] PBKDF2
                        │   │   ├── [2.4K] BinTools.java
                        │   │   ├── [2.8K] MacBasedPRF.java
                        │   │   ├── [4.9K] PBKDF2Engine.java
                        │   │   ├── [1.6K] PBKDF2HexFormatter.java
                        │   │   ├── [2.8K] PBKDF2Parameters.java
                        │   │   └── [ 912] PRF.java
                        │   ├── [3.5K] StandardDecrypter.java
                        │   └── [3.9K] StandardEncrypter.java
                        ├── [4.0K] exception
                        │   ├── [ 960] ZipExceptionConstants.java
                        │   └── [1.4K] ZipException.java
                        ├── [4.0K] io
                        │   ├── [ 452] BaseInputStream.java
                        │   ├── [ 835] BaseOutputStream.java
                        │   ├── [ 20K] CipherOutputStream.java
                        │   ├── [3.3K] DeflaterOutputStream.java
                        │   ├── [4.9K] InflaterInputStream.java
                        │   ├── [4.8K] PartInputStream.java
                        │   ├── [7.2K] SplitOutputStream.java
                        │   ├── [2.3K] ZipInputStream.java
                        │   └── [ 780] ZipOutputStream.java
                        ├── [4.0K] model
                        │   ├── [1.9K] AESExtraDataRecord.java
                        │   ├── [1.3K] ArchiveExtraDataRecord.java
                        │   ├── [1.2K] CentralDirectory.java
                        │   ├── [1.2K] DataDescriptor.java
                        │   ├── [1.2K] DigitalSignature.java
                        │   ├── [3.0K] EndCentralDirRecord.java
                        │   ├── [1.1K] ExtraDataRecord.java
                        │   ├── [8.6K] FileHeader.java
                        │   ├── [5.7K] LocalFileHeader.java
                        │   ├── [2.0K] UnzipEngineParameters.java
                        │   ├── [2.4K] UnzipParameters.java
                        │   ├── [1.7K] Zip64EndCentralDirLocator.java
                        │   ├── [3.5K] Zip64EndCentralDirRecord.java
                        │   ├── [1.9K] Zip64ExtendedInfo.java
                        │   ├── [4.2K] ZipModel.java
                        │   └── [5.2K] ZipParameters.java
                        ├── [4.0K] progress
                        │   └── [4.0K] ProgressMonitor.java
                        ├── [4.0K] unzip
                        │   ├── [ 17K] UnzipEngine.java
                        │   ├── [7.7K] Unzip.java
                        │   └── [3.8K] UnzipUtil.java
                        ├── [4.0K] util
                        │   ├── [ 25K] ArchiveMaintainer.java
                        │   ├── [2.5K] CRCUtil.java
                        │   ├── [6.1K] InternalZipConstants.java
                        │   ├── [4.8K] Raw.java
                        │   ├── [2.2K] Zip4jConstants.java
                        │   └── [ 23K] Zip4jUtil.java
                        └── [4.0K] zip
                            └── [ 16K] ZipEngine.java
18 directories, 59 files