Bug 2185304 (CVE-2022-4065) - CVE-2022-4065 testng: a path traversal in zip files
Summary: CVE-2022-4065 testng: a path traversal in zip files
Keywords:
Status: NEW
Alias: CVE-2022-4065
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2185305 2185306 2185307
Blocks: 2183427
Reported: 2023-04-07 20:48 UTC by Chess Hazlett
Modified: 2023-09-22 09:39 UTC

Fixed In Version: testng 7.7.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Chess Hazlett 2023-04-07 20:48:10 UTC
The testng component's testngXmlExistsInJar function in JarFileUtils.java was found to permit path traversal.

Comment 1 Chess Hazlett 2023-04-07 20:53:29 UTC
Created testng tracking bugs for this issue:

Affects: fedora-all [bug 2185305]

