com.github.junrar:junrar

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.github.junrar:junrarpage 1 of 1

CVE-2018-12418MEDIUMCVSS 5.5EG 5.5✓ Fixed in 1.0.1
2018-06-14
vulnerable: 0.7, 1.0.0
Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
CVE-2022-23596HIGHCVSS 7.5EG 7.5✓ Fixed in 7.4.1
2022-02-01
vulnerable: 0.7 ... 7.4.0 (15 versions)
Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whet…
CVE-2026-41245MEDIUMCVSS 5.9EG 5.9✓ Fixed in 7.5.10
2026-04-20
vulnerable: 0.7 ... 7.5.9 (26 versions)
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when…

Check whether com.github.junrar:junrar is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.github.junrar:junrar CVEs against the assets you own.

Start Free Scan →