Security: Arbitrary file write during archive extraction ("Zip Slip")

Description

Extracting files from a malicious archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten.

See https://github.com/cip4/JDFLibJ/security/code-scanning/6?query=ref%3Arefs%2Fheads%2Fmaster for details on this.

Environment

None

Draft

None

Activity

Stefan Meissner

December 9, 2021 at 2:47 PM

#T&I WG 2021-12-09:

@Rainer Prosi see the issue and will fix it

Resize work item view side panel

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details

Assignee

Unassigned

Reporter

Michel Hartmann(Deactivated)

Priority

Critical

Created December 8, 2021 at 10:24 PM

Updated January 13, 2022 at 2:57 PM

Resolved January 13, 2022 at 2:57 PM