BlackDuck Security Finding: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') #284

Closed
Jonas1893 opened this issue Sep 7, 2023 · 1 comment

Comments

@Jonas1893

Summary

For Version 0.9.16 we receive the following security finding from BlackDuck:

An issue in ZIPFoundation v0.9.16 allows attackers to execute a path traversal via extracting a crafted zip file.

Common Weakness Enumeration (CWE)
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Is this a known issue?
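
The containment check that the CWE-22 description above calls for, sketched in Swift as an added example; it is not part of this issue and is not ZIPFoundation's code. `safeDestination`, `EntryPathError`, the destination directory and the entry names are assumptions made up for illustration.

```swift
import Foundation

// Added illustration; `safeDestination` and `EntryPathError` are hypothetical
// names, not ZIPFoundation API.
enum EntryPathError: Error {
    case outsideDestination(String)
}

/// Maps an archive entry's stored path to a file URL under `destinationDir`,
/// or throws when the normalized result is not strictly inside that directory.
/// The check is lexical: symlink entries must be handled separately.
func safeDestination(forEntryPath entryPath: String,
                     in destinationDir: URL) throws -> URL {
    let root = destinationDir.standardizedFileURL
    // standardizedFileURL collapses "." and ".." segments in the joined path.
    let candidate = root.appendingPathComponent(entryPath).standardizedFileURL

    // Compare whole path components, not string prefixes, so that a sibling
    // such as "/srv/unpack-evil" is not mistaken for a child of "/srv/unpack".
    let rootParts = root.pathComponents
    let candidateParts = candidate.pathComponents
    guard candidateParts.count > rootParts.count,
          Array(candidateParts.prefix(rootParts.count)) == rootParts else {
        throw EntryPathError.outsideDestination(entryPath)
    }
    return candidate
}

// Constructed entry names, standing in for the paths stored in an archive.
let destination = URL(fileURLWithPath: "/srv/unpack", isDirectory: true)
let entryNames = [
    "docs/readme.txt",         // ordinary nested file
    "docs/../notes.txt",       // ".." that stays inside the destination
    "../unpack-evil/a.txt",    // sibling directory sharing a name prefix
    "../../etc/hosts",         // climbs above the destination
]
for name in entryNames {
    do {
        let url = try safeDestination(forEntryPath: name, in: destination)
        print("extract \(name) -> \(url.path)")
    } catch {
        print("reject  \(name)")
    }
}
```

Running the check on every entry before any file is created keeps a rejected name from leaving partial output behind.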

@Jonas1893
Author

Closing because this is a duplicate of #281 and #282.
