PT-2022-27334 · Scifio · Scifio

Jonathan Leitschuh

·

Published

2022-12-14

·

Updated

2022-12-16

·

CVE-2022-4493

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: scifio (affected versions not specified)
Description: A critical path traversal vulnerability (the "zip slip" pattern) was found in scifio, in the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java, part of the ZIP File Handler component. Entry names read from an archive are joined onto the output directory without checking that the resulting path stays inside it, so a crafted archive containing entries with `../` segments can write files outside the intended directory. The attack can be launched remotely by supplying such an archive. Note that the affected file sits under src/test/java, i.e. scifio's test source tree.
Recommendations: Apply the patch, which is available at commit fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. As a temporary workaround, disable or avoid calling downloadAndUnpackResource until the patch is applied, and do not pass it archives from untrusted sources. Restrict access to the ZIP File Handler component to minimize the risk of exploitation. When verifying a fix, confirm that every extracted entry's normalized destination path is checked against the target directory before any file is written.
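The weakness described above is the generic "zip slip" mistake: trusting the entry name inside an archive as a relative path. The following Java program is an added illustration written for this page; it is not scifio's code and does not reproduce the contents of the referenced commit. It builds a constructed in-memory ZIP containing a benign entry and an entry named `../escaped.txt`, extracts it once with the vulnerable pattern and once with a containment check, and reports where the file ended up. All class and method names (`ZipSlipDemo`, `unpackUnsafe`, `unpackSafe`, `safeTarget`) are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

// Hypothetical demo class; not part of scifio.
public class ZipSlipDemo {

    // Constructed sample archive: one benign entry and one traversal entry.
    // ZipOutputStream does not validate entry names, so "../" is accepted as-is.
    static byte[] buildSampleZip() throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            zos.putNextEntry(new ZipEntry("sample/data.txt"));
            zos.write("benign".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
            zos.putNextEntry(new ZipEntry("../escaped.txt"));
            zos.write("written outside destDir".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
        }
        return bos.toByteArray();
    }

    // VULNERABLE pattern: the entry name is resolved against destDir with no
    // containment check, so "../escaped.txt" lands in destDir's parent.
    static void unpackUnsafe(InputStream in, Path destDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                Path target = destDir.resolve(entry.getName());
                if (entry.isDirectory()) { Files.createDirectories(target); continue; }
                Files.createDirectories(target.getParent());
                Files.copy(zis, target);
            }
        }
    }

    // HARDENED pattern: normalize the resolved path (collapsing ".." segments)
    // and refuse anything whose name elements do not start with the root's.
    // Path.startsWith compares whole path elements, so "dest2" is not inside "dest".
    static Path safeTarget(Path destDir, String entryName) throws IOException {
        Path root = destDir.toAbsolutePath().normalize();
        Path target = root.resolve(entryName).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("Zip entry outside of target dir: " + entryName);
        }
        return target;
    }

    static void unpackSafe(InputStream in, Path destDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                Path target = safeTarget(destDir, entry.getName());
                if (entry.isDirectory()) { Files.createDirectories(target); continue; }
                Files.createDirectories(target.getParent());
                Files.copy(zis, target);
            }
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] zip = buildSampleZip();
        Path parent = Files.createTempDirectory("zipslip-demo");

        // Vulnerable extraction: the traversal entry escapes to the parent directory.
        Path destDir = Files.createDirectories(parent.resolve("dest"));
        unpackUnsafe(new ByteArrayInputStream(zip), destDir);
        System.out.println("unsafe: escaped.txt in parent? "
                + Files.exists(parent.resolve("escaped.txt")));

        // Hardened extraction: the benign entry is written, the traversal entry is rejected.
        Path destDir2 = Files.createDirectories(parent.resolve("dest2"));
        try {
            unpackSafe(new ByteArrayInputStream(zip), destDir2);
        } catch (IOException e) {
            System.out.println("safe: rejected -> " + e.getMessage());
        }
        System.out.println("safe: data.txt in dest2? "
                + Files.exists(destDir2.resolve("sample/data.txt")));
    }
}
```

Run it with `javac ZipSlipDemo.java && java ZipSlipDemo`; it needs only the JDK. The important design choice is that the check is done on the normalized absolute path with `Path.startsWith`, not on the raw entry string: rejecting names that merely contain `..` misses encodings and absolute paths, while a string-prefix comparison on the resolved path would wrongly accept a sibling directory whose name shares a prefix with the target. Rejecting the whole archive on the first bad entry, rather than skipping it, also avoids partially unpacked state that later code might trust.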

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-4493
GHSA-cmwm-45mj-mpg3

Affected Products

Scifio