Uncaught Exception in zip4j
Udbhav12 opened this issue · comments
Describe the bug
As per https://github.com/mockingbot/react-native-zip-archive/blob/v6.0.8/android/build.gradle#L40
react-native-zip-archive
is currently using 2.6.4 version of zip4j
. There is a security issue which has been patched in 2.10.0 version of zip4j
Refer to below link for more details
GHSA-q62h-jw38-24vh
To Reproduce
NA
Expected behavior
No security vulnerability
Env (please complete the following information):
Package Version: - 6.0.8
Additional context
Below is the CVE ID
https://nvd.nist.gov/vuln/detail/CVE-2022-24615
Thanks for notifying the issue, I would upgrade it in the next release.
You can try 6.0.9-beta.0 to test your needs. Any feedback is appreciated.
Just published the fix in 6.0.9.