class Unzip is Affected by zip-slip-vulnerability
cs-sonar opened this issue · 1 comments
cs-sonar commented
Test with this file:
https://github.com/snyk/zip-slip-vulnerability/blob/master/archives/zip-slip.zip
$unzip = new \Fuel\Core\Unzip();
$unzip->extract('/path/to/zip-slip.zip');
Then:
root@53e8b6d32d41:/tmp# ls -al /tmp
total 12
drwxrwxrwt 2 root root 4096 7月 5 15:03 .
drwxr-xr-x 106 root root 4096 7月 5 14:57 ..
-rw-r--r-- 1 www-data www-data 20 7月 5 15:03 evil.txt
If evil.txt is created in /tmp, this is affected by the zip-slip vulnerability.
cs-sonar commented
fuel/core (1.8.1.5)
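
A defensive check for the behaviour reported above, as an added example that is not part of the original issue or of fuel/core: every entry name is validated before anything is written, and the whole archive is refused if one name could resolve outside the destination. The helper names `isSafeEntryName` and `safeExtract` are hypothetical, the sample entry names are constructed, and the extraction step assumes PHP's ext-zip (`ZipArchive`) is available.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of fuel/core. Requires ext-zip.

/** True when an archive entry name cannot resolve outside the destination. */
function isSafeEntryName(string $name): bool
{
    $name = str_replace('\\', '/', $name);
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    // Absolute paths and Windows drive prefixes are rejected outright.
    if ($name[0] === '/' || preg_match('/^[A-Za-z]:/', $name) === 1) {
        return false;
    }
    // Any ".." segment can climb out of the destination directory.
    return !in_array('..', explode('/', $name), true);
}

/** Extract only after every entry name has passed validation. */
function safeExtract(string $zipPath, string $destDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("Cannot open archive: {$zipPath}");
    }
    try {
        $names = [];
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if ($name === false || !isSafeEntryName($name)) {
                throw new RuntimeException('Unsafe entry rejected: ' . var_export($name, true));
            }
            $names[] = $name;
        }
        if (!$zip->extractTo($destDir)) {
            throw new RuntimeException("Extraction failed: {$destDir}");
        }
        return $names;
    } finally {
        $zip->close();
    }
}

// Constructed sample names: a traversal-style entry, then a benign one.
var_dump(isSafeEntryName('../../tmp/evil.txt'));
var_dump(isSafeEntryName('docs/readme.txt'));
```

The name check does not cover symlinks that already exist inside the destination directory, so extraction should target a directory the application creates and controls.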