In the following document (https://breakingthe3ma.app/files/Threema-PST22.pdf), there is the following comment:
“In one of our attacks, we leveraged a vulnerability in a library, Zip4j, used by Threema to create backup zip files. We disclosed our findings to the author of Zip4j on 08.10.2022, proposing a 60-day disclosure period. At the time of writing, the author has yet to acknowledge our email.”
Can you please comment on CVE-2023-22899 now that this vulnerability has been made public?