Uploaded image for project: 'Maven Wrapper'
  1. Maven Wrapper
  2. MWRAPPER-21

Arbitrary file write during archive extraction ("Zip Slip") in wrapper

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.1.1
    • Maven Wrapper Jar
    • None

    Description

      In Maven Wrapper Installer https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java
       

       ZipEntry entry = entries.nextElement();
 if ( entry.isDirectory() )
 {
  continue;
 }
 Path targetFile = dest.resolve( entry.getName() );

// Unsanitized archive entry, which may contain '..', is used in a file system operation.
  // prevent Zip Slip
if ( targetFile.startsWith( dest ) ) 
{
   Files.createDirectories( targetFile.getParent() );
   Files.copy( zipFile.getInputStream( entry ), targetFile );
}

       

       Found via LGTM.com scan

      Attachments

        Issue Links

          Is contained by

          Improvement - An improvement or enhancement to an existing feature or task. MWRAPPER-51 Refactor using Java Path API (NIO.2)

          • Major - Major loss of function.
          • Closed

          Activity

            People

              rfscholte Robert Scholte
              slachiewicz Sylwester Lachiewicz
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: