[原文]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-3619. Reason: This candidate is a duplicate of CVE-2006-3619. Notes: All CVE users should reference CVE-2006-3619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
FastJar jar Archive Extraction Traversal Arbitrary File Write
Local Access Required
Loss of Integrity
FastJar contains a flaw that allows a remote attacker to write arbitrary files when the victim extracts a malicious .jar archive. The issue is due to the program not properly checking for traversal style attacks (../../) in the names of files in the .jar archive.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.