On June 5, researchers at British network security company Synk publicly disclosed a key vulnerability "Zip Slip". The vulnerability affects thousands of development projects in a variety of ecosystems, including Java, allowing attackers to implement remote arbitrary code execution on target systems.
By exploiting this vulnerability, an attacker could even use a malicious file to overwrite an application's legitimate executable or configuration file (such as a critical OS library or server configuration file), enticing the target system or user to run it. Thus implementing remote arbitrary code execution on the victim's host.
H3C R&D team quickly investigated the H3C products after the vulnerabilities were publicly disclosed.
We found below products are in impact scope:
l Safety and ecological cooperation products
【Solution for H3C Products】
For product solutions, please contact H3C Service Hotline: +852 2907 0456 or email: email@example.com.