New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
zip slip vulnerability #358
Comments
eed3si9n
added a commit
to eed3si9n/io
that referenced
this issue
Oct 22, 2023
Fixes sbt#358 Ref codehaus-plexus/plexus-archiver 87 **Problem** IO.unzip currently has zip-slip vulnerability, which can write arbitrary files on the machine using specially crafted zip archive that holds path traversal file names. **Solution** This replicates the fix originally sent to plex-archiver by Snyk Team.
I have a fix here - #360 |
eed3si9n
added a commit
to eed3si9n/io
that referenced
this issue
Oct 22, 2023
Fixes sbt#358 Ref codehaus-plexus/plexus-archiver 87 **Problem** IO.unzip currently has zip-slip vulnerability, which can write arbitrary files on the machine using specially crafted zip archive that holds path traversal file names. **Solution** This replicates the fix originally sent to plex-archiver by Snyk Team.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How to fix? 馃
filter: NameFilter = AllPassFilter
default param?io/io/src/main/scala/sbt/io/IO.scala
Lines 367 to 386 in c0e0023
filter
param in user code?The text was updated successfully, but these errors were encountered: