Zip Slip is a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team ahead of a public disclosure on 5th June 2018, and affects thousands of projects, including ones from HP, Amazon, Apache, Pivotal and many more (CVEs and full list here).

The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.sh). When an extractor joins such an entry name onto the destination directory without checking where the resulting path ends up, the file is written outside that directory. The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z.

The vulnerability has been found in multiple ecosystems, including JavaScript, Ruby, .NET and Go, but is especially prevalent in Java, where there is no central library offering high level processing of archive files. The lack of such a library led to vulnerable code snippets being hand crafted and shared among developer communities such as StackOverflow.

Of course, this type of vulnerability has existed before, but recently it has manifested itself in a much larger number of projects and libraries.
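The mechanism described above, as an added example that is not code from the original page or from Snyk: a crafted zip holding a `../../evil.sh` entry is built in memory, extracted first by a hand-rolled loop of the kind that circulates on StackOverflow (which writes the file two directories above the destination) and then by a hardened loop that canonicalises every entry path and rejects any that escape the destination. The entry names, the scratch directory layout and the helper names are all constructed for the demo.

```python
"""Zip Slip demo: crafted archive, vulnerable extractor, hardened extractor.
Example code written for this page; not Snyk's code and not from any
affected project. All entry names and paths below are constructed."""
import io
import os
import tempfile
import zipfile


def build_zip(entries: dict) -> bytes:
    """Build an archive in memory. ZipFile.writestr does not sanitise entry
    names, so a traversal name such as '../../evil.sh' is stored verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def extract_vulnerable(archive: bytes, dest: str) -> list:
    """Typical hand-rolled loop: joins the entry name onto dest and writes,
    with no check on where the joined path actually points."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no validation
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.realpath(target))
    return written


class ZipSlipError(Exception):
    """Raised when an archive entry would land outside the destination."""


def extract_safe(archive: bytes, dest: str) -> list:
    """Same loop, but each target is canonicalised (realpath resolves '..'
    and symlinks) and must stay under the canonical destination root."""
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            # commonpath compares whole components, so /tmp/out is not
            # fooled by a sibling such as /tmp/outside.
            if os.path.commonpath([root, target]) != root:
                raise ZipSlipError(f"entry escapes destination: {info.filename}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors in a throwaway tree and report the outcome."""
    malicious = build_zip({"good.txt": "harmless\n",
                           "../../evil.sh": "#!/bin/sh\necho pwned\n"})
    benign = build_zip({"good.txt": "harmless\n"})
    result = {}
    with tempfile.TemporaryDirectory() as scratch:
        # dest is scratch/a/b/extract, so '../../evil.sh' resolves to scratch/a/evil.sh
        dest = os.path.join(scratch, "a", "b", "extract")
        os.makedirs(dest)
        root = os.path.realpath(dest)
        paths = extract_vulnerable(malicious, dest)
        result["vulnerable_escaped"] = [p for p in paths
                                        if os.path.commonpath([root, p]) != root]
        result["evil_outside_dest"] = os.path.isfile(
            os.path.join(scratch, "a", "evil.sh"))
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "a", "b", "extract")
        os.makedirs(dest)
        try:
            extract_safe(malicious, dest)
            result["safe_rejected"] = False
        except ZipSlipError:
            result["safe_rejected"] = True
        result["safe_benign_count"] = len(extract_safe(benign, dest))
    return result


if __name__ == "__main__":
    print(demo())
```

The check in `extract_safe` is the whole fix: canonicalise the joined path before opening it, and compare it against the canonical destination by path component, not by string prefix. Python's own `ZipFile.extractall` already strips traversal components, which is why the vulnerable variant has to open and write entries by hand, exactly as the snippets in the affected Java projects did.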