PT-2022-9407 · Unknown · Juce-Framework/Juce

Published 2022-01-31 · Updated 2022-02-04 · CVE-2021-23520

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: juce-framework/juce versions prior to 6.1.5

Description: The issue allows arbitrary file write via archive extraction (Zip Slip) through the ZipFile::uncompressEntry function in juce ZipFile.cpp. It is triggered when an archive is extracted by calling uncompressTo() on a ZipFile object.

Recommendations: For versions prior to 6.1.5, update to version 6.1.5 or later to resolve the issue. As a temporary workaround, restrict the use of the uncompressTo() function on ZipFile objects until the patch is applied, and avoid extracting archives from untrusted sources to minimize the risk of exploitation.
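As an added illustration of the mitigation (this is example code, not JUCE's own code nor its 6.1.5 fix): a path-containment check that an extraction routine can apply to every archive entry name before writing it, using std::filesystem and no filesystem access. The function name and the sample entry names are constructed for this example.

```cpp
#include <filesystem>
#include <string>

namespace fs = std::filesystem;

// Returns true only if the archive entry name, joined to targetDir and
// normalised, still lies inside targetDir. This is the check a Zip Slip
// vulnerable extractor lacks: it trusts the stored name as-is.
// (Added example, not JUCE code.)
bool entryStaysInside(const fs::path& targetDir, const std::string& entryName)
{
    if (entryName.empty())
        return false;

    // The ZIP spec mandates forward slashes; a backslash is either a
    // malformed name or a Windows-style separator that a POSIX-only check
    // would not recognise, so the conservative choice is to reject it.
    if (entryName.find('\\') != std::string::npos)
        return false;

    fs::path entry(entryName);

    // Absolute ("/etc/passwd") or drive-qualified ("C:...") names ignore
    // the target directory entirely and must never be honoured.
    if (entry.has_root_name() || entry.has_root_directory())
        return false;

    // Normalise both sides lexically (no filesystem access, so this works
    // before the directory exists). Drop a trailing separator on the base
    // so the component-wise comparison below is exact.
    fs::path base = targetDir.lexically_normal();
    if (!base.has_filename())
        base = base.parent_path();
    fs::path full = (base / entry).lexically_normal();

    // If the resolved path is relative to base without any ".." step, the
    // entry stays inside; a leading ".." component means it escaped.
    fs::path rel = full.lexically_relative(base);
    if (rel.empty())
        return false;
    for (const auto& component : rel)
        if (component == "..")
            return false;
    return true;
}
```

Entries for which the function returns false should be skipped (or the whole archive rejected) rather than extracted.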

Tags: Exploit · Fix · Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-23520
SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388607

Affected Products

Debian
Juce-Framework/Juce