From 7ba6830cc2e93717a70e0bd1613fe7e5a3ad9686 Mon Sep 17 00:00:00 2001
From: Laurent SCHOELENS <61973605+laurentschoelens@users.noreply.github.com>
Date: Mon, 1 Apr 2024 15:20:36 +0200
Subject: [PATCH] [#514] fix contains('..') in path in jar file
---
 .../src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java b/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java
index 85e957a3a..89192e20c 100644
--- a/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java
+++ b/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java
@@ -52,7 +52,7 @@ public void scan() {
 while (jarFileEntries.hasMoreElements()) {
 JarEntry entry = jarFileEntries.nextElement();
 String name = entry.getName();
- if (name.startsWith("..") || name.startsWith("/")) {
+ if (name.contains("..") || name.startsWith("/")) {
 // ignore "zip slip" file pattern attack
 continue;
 }
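Review bot: The new guard `name.contains("..")` matches two dots anywhere in the entry name, so a legitimate entry (a constructed example: `schemas/v1..2/a.xsd`) is now skipped silently together with real traversal names. Comparing whole path segments keeps the zip-slip protection without those false positives, e.g. `if (name.startsWith("/") || Arrays.asList(name.split("/")).contains("..")) {` (this needs `java.util.Arrays`). If entry names are later resolved to filesystem paths, which this hunk does not show, backslash separators and drive-letter prefixes would deserve the same check. A log line before `continue` would also help someone diagnose why an entry in the jar was not picked up. The body of `scan()` starts and ends outside the hunk.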