Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Arbitrary file access during archive extraction ("Zip Slip") [VERY LOW IMPACT] #98

Closed
1 task done
carlosame opened this issue May 10, 2024 · 0 comments
Closed
1 task done

Arbitrary file access during archive extraction ("Zip Slip") [VERY LOW IMPACT] #98

carlosame opened this issue May 10, 2024 · 0 comments
Labels
security Security and privacy
Milestone
1.1

Comments

@carlosame
Copy link
Member

carlosame commented May 10, 2024
edited
Loading

A static method in the ClassFileUtilities class is vulnerable to a "Zip Slip" attack, see security/code-scanning#32. That method isn't used at all by the main EchoSVG code so the security impact is minimal, almost zero.

Tracking issue for:
@carlosame carlosame added the security Security and privacy label May 10, 2024
@carlosame carlosame added this to the 1.1 milestone May 10, 2024
@carlosame carlosame mentioned this issue Jul 23, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security Security and privacy
Projects
None yet
Milestone
1.1
Development

No branches or pull requests
1 participant
@carlosame