Open QiAnXinCodeSafe opened 3 years ago
https://github.com/bytedance/AabResGuard/blob/4e902042a3282f42a9b89e0446222a7b275a23ec/core/src/main/java/com/bytedance/android/aabresguard/utils/FileOperation.java#L72
Path Manipulation: ZIP Entry Overwrite errors occur when a ZIP file is opened and expanded without checking the file path of the ZIP entry.Allowing user input to control the targetDir could allow an attacker to overwrite files on the system at will.
https://github.com/bytedance/AabResGuard/blob/4e902042a3282f42a9b89e0446222a7b275a23ec/core/src/main/java/com/bytedance/android/aabresguard/utils/FileOperation.java#L72
Path Manipulation: ZIP Entry Overwrite errors occur when a ZIP file is opened and expanded without checking the file path of the ZIP entry.Allowing user input to control the targetDir could allow an attacker to overwrite files on the system at will.