[OFBIZ-12056] Prevent Zip Slip vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 18.12.01
Component/s: framework/base
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

While working with FileUtil::unzipFileToFolder I noticed that it's vulnerable to Zip slip vulnerability: https://snyk.io/research/zip-slip-vulnerability.

Fortunately OOTB code does not use FileUtil::unzipFileToFolder so I did not create a CVE, nor reported to https://github.com/snyk/zip-slip-vulnerability#user-content-projects-affected-and-fixed. If you think we should please shime in...

Attachments

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Nov/20 10:17

Updated:: 14/Nov/20 10:55

Resolved:: 14/Nov/20 10:55