lingochamp/FileDownloader

Releases67

Frequency3 weeks

Last Release over 6 years ago

Stars11.1K

Multitask、MultiThread(MultiConnection)、Breakpoint-resume、High-concurrency、Simple to use、Single/NotSingle-process

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-11248 ↗	May 18, 2018Friday, 18 May 2018, 18:29	—	7.5 HIGH
util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.