mmsmits
commented
1 year ago We are not vulnerable for this. We use SharpZipLib to handle unpacking packages, they have fixed this issue in v1.0.0. We are using 1.3.3
Closed marcovisserFurore closed 1 year ago
mmsmits
commented
1 year ago We are not vulnerable for this. We use SharpZipLib to handle unpacking packages, they have fixed this issue in v1.0.0. We are using 1.3.3
Any packages containing a file name that includes
..should be rejected as suspicious. See also this thread on Zulip.