-
Type:
Sub-task
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: Trunk
-
Fix Version/s: 18.12.01
-
Component/s: framework/base
-
Labels:None
-
Sprint:Bug Crush Event - 21/2/2015
While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability.
Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not create a CVE, nor reported to https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. If you think we should please shime in...