Security Fix for zip-slip - huntr.dev #13
Merged
@mufeedvh (https://huntr.dev/users/mufeedvh) has fixed a potential zip-slip vulnerability in your repository 🔨. For more information, visit our website (https://huntr.dev/) or click the bounty URL below...
Q | A
Version Affected | *
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/other/rc-zip/1/README.md
User Comments:
📊 Metadata *
Bounty URL: https://www.huntr.dev/bounties/1-other-rc-zip
⚙️ Description *
The Rust package rc-zip is vulnerable to Zip Slip attacks; this is a fix implemented in the sample jean project the vulnerability was reported in. Note that rc-zip seems to be aware of this vulnerability/attack already, as seen in the documentation. They implemented this intentionally, as this crate is focused on parsing and handling zip files as it is; mitigation for this vulnerability can be handled separately, and this is an example.
rc-zip/src/format/archive.rs[L176-L182]
And
rc-zip/src/format/archive.rs[L27-L31]
💻 Technical Description *
Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. The premise of the directory traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The vulnerability can also cause damage by overwriting configuration files or other sensitive resources, and can be exploited on both client (user) machines and servers.
More on Snyk's White Paper.
🐛 Proof of Concept (PoC) *
Payload File:
zip-slip.zip
🔥 Proof of Fix (PoF) *
👍 User Acceptance Testing (UAT)
🔗 Relates to...
418sec/huntr#1760
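
The kind of check an extractor needs before writing each entry, as an added example that is not the code from this pull request or from rc-zip: it maps an entry name to a path under the destination directory and refuses names that could leave it. The function name `safe_entry_path`, the destination `/tmp/extract` and the entry names are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper (not from rc-zip or the PR): map an archive entry name
/// to a path under `dest`, or return None if the name could escape `dest`.
pub fn safe_entry_path(dest: &Path, entry_name: &str) -> Option<PathBuf> {
    // Zip names use '/', but treat '\\' as a separator too so that
    // "..\\..\\x" is caught on every platform.
    let normalized = entry_name.replace('\\', "/");
    let mut out = dest.to_path_buf();
    let mut pushed = false;
    for comp in Path::new(&normalized).components() {
        match comp {
            Component::Normal(part) => {
                out.push(part);
                pushed = true;
            }
            Component::CurDir => {} // "./" is harmless
            // "..", a leading "/", or a Windows drive/UNC prefix: refuse.
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => return None,
        }
    }
    // An empty name would resolve to `dest` itself; nothing to extract.
    if pushed { Some(out) } else { None }
}

fn main() {
    // Constructed entry names, as they might appear in a crafted archive.
    let dest = Path::new("/tmp/extract");
    let names = ["docs/readme.txt", "./a.txt", "../../etc/passwd", "/etc/cron.d/job", "..\\..\\evil.dll"];
    for name in names {
        match safe_entry_path(dest, name) {
            Some(p) => println!("extract {:?} -> {}", name, p.display()),
            None => println!("skip    {:?} (would leave {})", name, dest.display()),
        }
    }
}
```

The check is purely lexical: it does not follow symlinks that already exist under the destination, so an extractor that also creates symlink entries needs a separate check for those.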