Open-source security: Zip Slip critical flaw hits thousands of projects. Update now
https://updatesinfosec.blogspot.com/2018/06/open-source-security-zip-slip-critical.html
In Summary:
Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle, LinkedIn, Twitter and others. As Snyk explains, some ecosystems, such as Java, don't provide a central software library for fully unpacking archive files, leading developers to write their own code snippets to enable that functionality. In this case, those code snippets contain a vulnerability, dubbed Zip Slip, that exposes an application to a directory traversal attack. This flaw would allow an attacker to reach the root directory and from there enable remote command execution. [...]
Kindly refer to the following link for the full article:
https://www.zdnet.com/article/open-source-security-zip-slip-critical-flaw-hits-thousands-of-projects-update-now/
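The summary above describes the bug class but not what the hand-written extraction code gets wrong. The following is an added example, written for this page and not code from Snyk, ZDNet or any affected project, showing the defect and the containment check that closes it. It uses Python's standard zipfile module rather than Java because the flaw is language-agnostic: an archive entry whose name contains ".." components is joined onto the extraction directory, and the resulting path is never checked to see whether it still lies inside that directory. The archive contents, the destination paths and the function names are all constructed for the demonstration.

```python
import io
import os
import zipfile


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign entry plus one entry whose name
    climbs out of the extraction directory, the shape of entry name that Zip Slip
    relies on. Built in memory for the demonstration; not a real-world artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/config.txt", "benign=true\n")
        zf.writestr("../../outside.txt", "escaped\n")
    return buf.getvalue()


def resolves_inside(dest_dir: str, entry_name: str) -> bool:
    """Return True only if dest_dir/entry_name canonicalises to a path under dest_dir.

    This is the check the hand-rolled extractors described in the article lack:
    os.path.join() follows '..' components (and replaces the base entirely for an
    absolute entry name), so the joined path must be canonicalised and compared
    against the canonical destination directory before anything is written.
    """
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, entry_name))
    # commonpath rejects both '..' escapes and a sibling directory that merely
    # shares a prefix (e.g. /tmp/out vs /tmp/outside), which a plain
    # startswith() comparison would wrongly accept.
    return os.path.commonpath([base, target]) == base


def find_traversal_entries(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """List every entry name that would escape dest_dir.

    Usable as a pre-extraction gate in application code, or as a detection
    check run over archives received from untrusted sources.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [name for name in zf.namelist() if not resolves_inside(dest_dir, name)]


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract an archive only after every entry has passed the containment check.

    Validating all names before writing any file means a single bad entry
    cannot leave a partially extracted archive behind. Returns the names written.
    """
    offending = find_traversal_entries(zip_bytes, dest_dir)
    if offending:
        raise ValueError(f"refusing to extract, traversal entries: {offending}")
    base = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(base, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


if __name__ == "__main__":
    sample = build_sample_archive()
    # Constructed destination; nothing is written because the archive is rejected.
    print("escaping entries:", find_traversal_entries(sample, "/tmp/extract"))
    try:
        safe_extract(sample, "/tmp/extract")
    except ValueError as exc:
        print(exc)
```

The vulnerable pattern is the line `os.path.join(base, info.filename)` used without the preceding check: with the sample archive it would produce `/outside.txt` and write outside the extraction directory. Note that the check canonicalises both sides with `realpath`, so symlinked destination directories (for example `/tmp` on macOS) are compared consistently, and that it also rejects absolute entry names, which `os.path.join` would otherwise substitute for the base path wholesale.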
