Zip4j is vulnerable to Improper Signature Validation. The vulnerability is due to improper validation of the AES Message Authentication Code (MAC) when the MAC in an encrypted ZIP archive has been corrupted. This flaw can allow an attacker to modify the archive without the library detecting that it has been tampered with.
github.com/advisories/GHSA-2pj2-gchf-wmw7
github.com/srikanth-lingala/zip4j/commit/597b31afb473a40e8252de5b5def1876bab198d3
github.com/srikanth-lingala/zip4j/commit/ddd8fdc8ad0583eb4a6172dc86c72c881485c55b
github.com/srikanth-lingala/zip4j/issues/485
security-tracker.debian.org/tracker/CVE-2023-22899
threema.ch/en/blog/posts/news-alleged-weaknesses-statement
www.ibm.com/support/pages/security-bulletin-ibm-app-connect-enterprise-affected-remote-attacker-due-zip4j-library-cve-2023-22899
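
The following is an added example, not code from Zip4j or from the advisory. It shows the fail-closed MAC check that the WinZip AES entry format calls for (PBKDF2-HMAC-SHA1 key derivation, HMAC-SHA1 over the ciphertext, truncated to 10 bytes), so that a corrupted or truncated MAC is rejected rather than skipped. The function names, the payload layout passed as one byte string, and the sample data are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import os

# WinZip AES parameters: strength code -> (salt length, key length) in bytes
STRENGTHS = {1: (8, 16), 2: (12, 24), 3: (16, 32)}
PV_LEN, MAC_LEN, ITERATIONS = 2, 10, 1000


def derive_keys(password: bytes, salt: bytes, key_len: int):
    """PBKDF2-HMAC-SHA1 -> (AES key, HMAC key, 2-byte password verifier)."""
    dk = hashlib.pbkdf2_hmac("sha1", password, salt, ITERATIONS, 2 * key_len + PV_LEN)
    return dk[:key_len], dk[key_len:2 * key_len], dk[2 * key_len:]


def is_authentic(password: bytes, payload: bytes, strength: int) -> bool:
    """Return True only if the entry's stored MAC matches its ciphertext.

    payload = salt || password verifier || ciphertext || 10-byte MAC.
    Every malformed or mismatching case returns False (fail closed).
    """
    salt_len, key_len = STRENGTHS[strength]
    if len(payload) < salt_len + PV_LEN + MAC_LEN:
        return False  # too short to hold salt, verifier and a full MAC
    salt = payload[:salt_len]
    stored_pv = payload[salt_len:salt_len + PV_LEN]
    ciphertext = payload[salt_len + PV_LEN:-MAC_LEN]
    stored_mac = payload[-MAC_LEN:]
    _, mac_key, pv = derive_keys(password, salt, key_len)
    if not hmac.compare_digest(pv, stored_pv):
        return False  # wrong password or damaged header
    expected = hmac.new(mac_key, ciphertext, hashlib.sha1).digest()[:MAC_LEN]
    # Constant-time comparison; a mismatch must abort extraction.
    return hmac.compare_digest(expected, stored_mac)


def build_sample(password: bytes, ciphertext: bytes, strength: int) -> bytes:
    """Constructed test payload; ciphertext is opaque bytes, not real AES output."""
    salt_len, key_len = STRENGTHS[strength]
    salt = os.urandom(salt_len)
    _, mac_key, pv = derive_keys(password, salt, key_len)
    mac = hmac.new(mac_key, ciphertext, hashlib.sha1).digest()[:MAC_LEN]
    return salt + pv + ciphertext + mac
```

Because the MAC covers the ciphertext, the check runs without decrypting anything, and a caller should discard any output already produced for an entry when it returns False.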