Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-12056

Prevent Zip Slip vulnerability

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Trunk
    • 18.12.01
    • framework/base
    • None
    • Bug Crush Event - 21/2/2015

    Description

      While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability.

      Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not create a CVE, nor reported to https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. If you think we should please shime in...

      Attachments

        Activity

          People

            jleroux Jacques Le Roux
            jleroux Jacques Le Roux
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: