Restrict file extraction to the target path #63
Currently decompress-zip will extract files outside of the scope of the specified target directory. This has significant security implications when decompressing files from untrusted users.
This pull request aims to fix this issue by ensuring that the destination path is not be outside set path. \
A new unit test has also been added to verify this functionality. The test archive has been taken from https://github.com/snyk/zip-slip-vulnerability/tree/master/archives
The text was updated successfully, but these errors were encountered: