Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Java_code_security_toolkit
(Pixee)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-01 | CVE-2024-24569 | The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping"... | Java_code_security_toolkit | 4.8 |