This repository contains decompiled source code for the zip4j library versions 1.3.2 (vulnerable) and 1.3.3 (fixed) for CVE-2018-1002202, for the CWE-Bench-Java dataset. The original zip4j repository on Github doesn't include code from these versions.
- Tag:
1.3.2 - Status: Contains path traversal vulnerability
- Source: Decompiled from
zip4j-1.3.2-sources.jar - Buggy Commit:
d87ffa2d64ffb3a0a1cf0c7a69c7b19d7015bfde - 1.3.2 sources jar download page
- Tag:
1.3.3 - Status: Vulnerability patched
- Source: Decompiled from
zip4j-1.3.3-sources.jar - Fixed Commit:
59aeea594ff885e06c25751dc6334dfea1bed8c6 - 1.3.3 sources jar download page
- Original Author: Srikanth Lingala
- Original Repository