Compress Extension 1.0.0.14 / zip4j 2.11.3 / CVE-2023-22899

Once again, just updating the base zip4j library to 2.11.3, details in the ticket [LDEV-4376] - Lucee

CVE with older versions up to Compress 1.0.0.14

Base Score: 5.9 MEDIUM

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

3 Likes