Open fproulx-boostsecurity opened 4 months ago
`unzip` is a common UNIX utility to decompress `*.zip` files.

When used with certain flags it can lead to zip slip (https://security.snyk.io/research/zip-slip-vulnerability).

As documented in the man page (https://linux.die.net/man/1/unzip), the `-:` flag disables a security feature added in the early 2000s that would disallow extracting `../` relative paths.
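An added example, not code from this issue or the LOTP project: a Python pre-check that mirrors the `../` protection `unzip` applies by default (the one `-:` switches off), so a pipeline step can inspect an untrusted archive and the `unzip` command line before extraction. The helper names, the constructed sample archive and the destination path are assumptions.

```python
import io
import os
import posixpath
import zipfile

# Hypothetical helpers (illustration only, not from the LOTP project).
# unzip refuses "../" entries by default; `-:` turns that off. These functions
# let a CI step reproduce that check itself before calling unzip on an
# untrusted archive, and lint the unzip invocation for the dangerous flag.

def uses_traversal_flag(argv: list[str]) -> bool:
    """True if an unzip command line carries `-:`, including clustered forms
    such as `-o:` (unzip accepts single-letter options grouped after one dash)."""
    return any(a.startswith("-") and not a.startswith("--") and ":" in a
               for a in argv[1:])

def unsafe_entries(zip_bytes: bytes, dest: str) -> list[str]:
    """Return archive entry names that would land outside `dest` on extraction."""
    dest_real = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            norm = posixpath.normpath(name)  # zip names use "/"; fold "." and ".."
            # Absolute and drive-letter paths escape the destination outright.
            if norm.startswith(("/", "\\")) or (len(norm) > 1 and norm[1] == ":"):
                bad.append(name)
                continue
            target = os.path.realpath(os.path.join(dest_real, norm))
            if os.path.commonpath([dest_real, target]) != dest_real:
                bad.append(name)
    return bad

def build_sample_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {entry name: content}. Used only to construct
    sample input for the demo; it is not an archive seen in the wild."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: one benign entry and two that escape the target directory.
    sample = build_sample_archive({
        "build/report.txt": b"ok",
        "build/../../outside.txt": b"escapes via ..",
        "/abs/path.txt": b"absolute entry",
    })
    print(unsafe_entries(sample, "/tmp/ci-extract"))
    print(uses_traversal_flag(["unzip", "-o:", "artifact.zip", "-d", "/tmp/ci-extract"]))
```

A non-empty result from `unsafe_entries`, or `True` from `uses_traversal_flag`, is the signal to fail the pipeline step rather than extract.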