Vulnerability	Vulnerable Version
H Directory Traversal com.github.junrar:junrar is a rar decompression library in plain java. Affected versions of this package are vulnerable to Directory Traversal via the `LocalFolderExtractor` component. An attacker can write arbitrary files with attacker-controlled content anywhere on the filesystem by extracting a specially crafted RAR archive on Linux/Unix systems, potentially leading to the execution of malicious code by overwriting critical files such as shell profiles, source code, or cron jobs. Note: This is not exploitable on Windows where backslashes are path separators. How to fix Directory Traversal? Upgrade `com.github.junrar:junrar` to version 7.5.8 or higher.	[,7.5.8)

Directory Traversal

com.github.junrar:junrar is a rar decompression library in plain java.

Affected versions of this package are vulnerable to Directory Traversal via the LocalFolderExtractor component. An attacker can write arbitrary files with attacker-controlled content anywhere on the filesystem by extracting a specially crafted RAR archive on Linux/Unix systems, potentially leading to the execution of malicious code by overwriting critical files such as shell profiles, source code, or cron jobs.

Note:

This is not exploitable on Windows where backslashes are path separators.

How to fix Directory Traversal?

Upgrade com.github.junrar:junrar to version 7.5.8 or higher.

[,7.5.8)

Go back to all versions of this package