Upgrade TestNG 7.6.1 based on security issue - CVE-2022-4065 (original) (raw)

Describe the bug
TestNG is vulnerable to Path Traversal

To Reproduce
A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. A patch is available in commit 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The patch was pushed into the master branch but no releases have yet been made with the patch included.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-4065
• [SECURITY] Fix Zip Slip Vulnerability testng-team/testng#2806
• testng-team/testng@9150736
• https://vuldb.com/?id.214027