Every CVE whose affected-product data names Zip4j Project Zip4j, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2018-1002202 — CVSS 6.5 (medium): zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip…
CVE-2023-22899 — CVSS 5.9 (medium): Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
CVE-2022-24615 — CVSS 5.5 (medium): zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application…