Uncaught Exception in zip4j

Question

Udbhav12 opened this issue 2 years ago · comments

Describe the bug
As per https://github.com/mockingbot/react-native-zip-archive/blob/v6.0.8/android/build.gradle#L40 
react-native-zip-archive is currently using 2.6.4 version of zip4j. There is a security issue which has been patched in 2.10.0 version of zip4j
Refer to below link for more details
GHSA-q62h-jw38-24vh

To Reproduce
NA

Expected behavior
No security vulnerability

Env (please complete the following information):
Package Version: - 6.0.8

Additional context
Below is the CVE ID
https://nvd.nist.gov/vuln/detail/CVE-2022-24615

Perry Poon · Answer 1 · Sat Nov 26 2022 18:30:44 GMT+0800 (China Standard Time)

Thanks for notifying the issue, I would upgrade it in the next release.

Perry Poon · Answer 2 · Sun Nov 27 2022 16:06:47 GMT+0800 (China Standard Time)

You can try 6.0.9-beta.0 to test your needs. Any feedback is appreciated.

Perry Poon · Answer 3 · Tue Nov 29 2022 11:54:55 GMT+0800 (China Standard Time)

Just published the fix in 6.0.9.