extractArchiveToDisk() and extractFileToDisk() should not create/overwrite files outside outputPath
Closed this issue · 0 comments
sohomdatta1 commented
When a malicious zip file (containing a file with a filename like ../../../tmp/abc, say) is passed into the functions extractArchiveToDisk() or extractFileToDisk(), the functions will write to files outside the given output path.

When used as part of a program, this could cause remote code execution since a malicious user could overwrite a file like /home/user/.bashrc and execute arbitrary code whenever the bash shell executes.