kuba-- / zip

A portable, simple zip library written in C

MIT License

1.42k stars 276 forks source link

Directory traversal vulnerability not fixed #342

Closed ouuan closed 7 months ago

ouuan commented 7 months ago

136 fixed #123, but later #159 introduced this vulnerability again. The PoC in #123 still works since #159.

kuba-- commented 7 months ago

@ouuan - I think https://github.com/kuba--/zip/pull/344 should fix the issue.