I have decompress-zip running on a server, and I can imagine a scenario in which a zipfile is created with a symlink to ../../../etc/passwd, for example. I have not actually verified this attack yet, but I looked at the symlink support and it appears that this would be possible.
I have decompress-zip running on a server, and I can imagine a scenario in which a zipfile is created with a symlink to
../../../etc/passwd
, for example. I have not actually verified this attack yet, but I looked at the symlink support and it appears that this would be possible.