Security Advisory

CVE-2021-23520

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-31 10:56:15

Last updated 2024-09-16 22:46:03

Assigner snyk

State PUBLISHED

Description

The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object.

← Browse all CVEs View on cve.org ↗