Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Zip4j | Zip4j_project | * | 2.11.2 (including) |