microsoft / cordova-plugin-code-push

Cordova plugin for CodePush
http://appcenter.ms

Google Play Console reports security error: Zip Path Traversal Error due to cordova-plugin-zip dependency #671

Open VojGin opened 3 years ago

VojGin commented 3 years ago

Description

Google Play Console reports security error in Pre-launch report details.

Pre-launch report details

Security and trust

Zip Path Traversal

Your app contains an unsafe unzipping pattern that may lead to a Path Traversal vulnerability. Please see this Google Help Center article to learn how to fix the issue.

  • org.apache.cordova.Zip.unzipSync

The reported error is being caused by the Cordova plugin cordova-plugin-zip, which is a dependency of cordova-plugin-code-push.

Reproduction

Install cordova-plugin-code-push, build a production APK and submit it to Google Play Console.

Additional Information

vickyanands commented 2 years ago

I have the same issue. Is there a date when this is getting fixed? Otherwise I have to remove code-push from my app.