JRE provisioning: Harden against Zip bomb attack
martin-strecker-sonarsource opened this issue · 0 comments
martin-strecker-sonarsource commented
The JRE provisioning is vulnerable to zip bomb attacks in the ZipUnpacker and the TarGzUnpacker implementations.
For details, see the security hotspot for rule S5042 in ZipUnpacker's use of zipArchive.ExtractToDirectory.
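
One way to bound resource use when unpacking a zip, shown as an added example that is not part of the issue or the scanner's code base: it replaces a single `ExtractToDirectory` call with a per-entry copy that enforces an entry-count cap, a total-size cap and a compression-ratio cap. The class name `BoundedZipExtractor` and all three limit values are assumptions chosen for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;

// Hypothetical helper (not the scanner's ZipUnpacker); limit values are assumed.
public static class BoundedZipExtractor
{
    private const int MaxEntries = 10_000;          // cap on number of entries
    private const long MaxTotalBytes = 1L << 30;    // cap on total expanded size (1 GiB)
    private const double MaxRatio = 100.0;          // cap on expanded/compressed per entry

    public static void Extract(string zipPath, string destinationDir)
    {
        var root = Path.GetFullPath(destinationDir).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        long total = 0;
        var buffer = new byte[81920];
        using var archive = ZipFile.OpenRead(zipPath);
        if (archive.Entries.Count > MaxEntries)
            throw new InvalidDataException("Archive has too many entries.");
        foreach (var entry in archive.Entries)
        {
            // A manual loop must keep the destination check that ExtractToDirectory performs.
            var target = Path.GetFullPath(Path.Combine(root, entry.FullName));
            if (!target.StartsWith(root, StringComparison.Ordinal))
                throw new InvalidDataException($"Entry escapes destination: {entry.FullName}");
            if (entry.FullName.EndsWith("/", StringComparison.Ordinal))
            {
                Directory.CreateDirectory(target);   // directory entry, no data to copy
                continue;
            }
            Directory.CreateDirectory(Path.GetDirectoryName(target));
            long written = 0;
            using var input = entry.Open();
            using var output = new FileStream(target, FileMode.CreateNew, FileAccess.Write);
            int read;
            while ((read = input.Read(buffer, 0, buffer.Length)) > 0)
            {
                written += read;
                total += read;
                // Count bytes actually inflated: entry.Length is a header field the archive author controls.
                if (total > MaxTotalBytes || written > MaxRatio * Math.Max(entry.CompressedLength, 1))
                    throw new InvalidDataException($"Size limit exceeded at: {entry.FullName}");
                output.Write(buffer, 0, read);
            }
        }
    }
}
```

The limits are checked before each write, so an oversized entry stops the extraction close to the cap; the caller should delete the destination directory when `InvalidDataException` is thrown, since earlier entries and a partial file remain on disk.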