bower / decompress-zip

Module that decompresses zip files
MIT License

Restrict file extraction to the target path #63

Closed Muelsy closed 5 years ago

Muelsy commented 5 years ago

Currently decompress-zip will extract files outside of the scope of the specified target directory. This has significant security implications when decompressing files from untrusted users.

This pull request aims to fix this issue by ensuring that the destination path is not outside the set path.

A new unit test has also been added to verify this functionality. The test archive has been taken from https://github.com/snyk/zip-slip-vulnerability/tree/master/archives

sheerun commented 5 years ago

Thank you very much for contributing, I'm releasing it right away

sheerun commented 5 years ago

Released as 0.3.2