Zip4j · CVE-2023-22899
**Name of the Vulnerable Software and Affected Versions**
Zip4j versions prior to 2.11.3
**Description**
Zip4j does not always check the MAC when decrypting ZIP archives. This affects products that use Zip4j, including Threema.
**Recommendations**
Update to Zip4j version 2.11.3 or later to resolve the issue. As a temporary workaround until the patch is applied, consider disabling the decryption of ZIP archives. Restrict access to ZIP archives to minimize the risk of exploitation, and avoid using affected versions of the Zip4j library in sensitive operations until the issue is resolved.
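
One way to check a build for the affected versions, as an added example that is not from the advisory or the Zip4j project: a Python script that finds Zip4j in a Maven POM, Gradle dependency lines and JAR file names, and flags anything older than 2.11.3. The Maven coordinates `net.lingala.zip4j:zip4j` are the library's published ones; the function names and sample inputs are constructed for illustration, and version qualifiers such as `-SNAPSHOT` are ignored.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 11, 3)  # first fixed release named in the advisory
GRADLE_RE = re.compile(r"net\.lingala\.zip4j:zip4j:([^'\"\s)]+)")
JAR_RE = re.compile(r"(?:^|/)zip4j-(\d[\w.\-]*?)\.jar$")

def version_key(text):
    """'2.11.2' -> (2, 11, 2); qualifiers like -SNAPSHOT are ignored; None if not a literal."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.].*)?", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def zip4j_versions_in_pom(pom_text):
    """Yield versions declared for net.lingala.zip4j:zip4j, resolving ${property} references."""
    root = ET.fromstring(pom_text)
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # drop the POM XML namespace
    props = {local(p): (p.text or "").strip()
             for el in root.iter() if local(el) == "properties" for p in el}
    for dep in (el for el in root.iter() if local(el) == "dependency"):
        f = {local(c): (c.text or "").strip() for c in dep}
        if f.get("groupId") == "net.lingala.zip4j" and f.get("artifactId") == "zip4j":
            ver = f.get("version", "")
            ref = re.fullmatch(r"\$\{(.+)\}", ver)
            yield props.get(ref.group(1), ver) if ref else ver

def classify(version):
    key = version_key(version)
    return "unknown" if key is None else ("vulnerable" if key < FIXED else "fixed")

def audit(pom_text="", gradle_text="", jar_paths=()):
    """Return (declared version, verdict) for every Zip4j reference found."""
    found = list(zip4j_versions_in_pom(pom_text)) if pom_text else []
    found += GRADLE_RE.findall(gradle_text)
    found += [m.group(1) for p in jar_paths if (m := JAR_RE.search(p))]
    return [(v, classify(v)) for v in found]

# Constructed sample inputs (not taken from any real project)
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><zip4j.version>2.11.2</zip4j.version></properties>
  <dependencies><dependency><groupId>net.lingala.zip4j</groupId>
    <artifactId>zip4j</artifactId><version>${zip4j.version}</version>
  </dependency></dependencies></project>"""
SAMPLE_GRADLE = "implementation 'net.lingala.zip4j:zip4j:2.11.3'"

if __name__ == "__main__":
    for version, verdict in audit(SAMPLE_POM, SAMPLE_GRADLE, ["libs/zip4j-1.3.2.jar"]):
        print(f"zip4j {version}: {verdict}")
```

A verdict of `unknown` means the version could not be read from the file (an unresolved property or a version managed elsewhere) and needs a manual look.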