Skip to content
This repository was archived by the owner on Jul 28, 2023. It is now read-only.
This repository was archived by the owner on Jul 28, 2023. It is now read-only.

Zip Slip Vulnerability in FlightCrew #52

Closed
@mssalvatore

Description

@mssalvatore

Summary
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip Slip'.

Impact
This vulnerability can be used to write files to arbitrary locations and could potentially result in granting an attacker remote access or arbitrary code execution.

This is a medium severity issue for Sigil users, but may have greater impact on third-party software that uses FlightCrew as a library.

Steps to Reproduce

  1. Download the attached "zip-slip.zip"

  2. On a linux system, process the epub using flightcrew-cli.
    flightcrew-cli --input-file zip-slip.zip

  3. Check for the existence of "/tmp/evil.txt" with the contents "this is an evil
    one".

Futher Reading
For more information on zip-slip vulnerabilities, see https://snyk.io/research/zip-slip-vulnerability

zip-slip.zip

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions