Skip to content

Zip Slip Vulnerability #73

New issue
New issue
Open
Open
Zip Slip Vulnerability#73
Labels
V1blocker
@Lucisu

Description

@Lucisu
Lucisu
opened on Mar 17, 2024

As we discussed today, there's a ZIP Slip vulnerability below here. The filename should be sanitized to prevent directory traversal:

https://github.com/WordPress/blueprints-library/blob/f2ddfa54a97220249201535f1d37726c416f915d/src/WordPress/Zip/functions.php#L17C51-L17C62

Also, maybe it's good to check for Symlinks and how they are being treated nowadays ;)

Metadata

Metadata

Assignees

No one assigned

    Labels

    V1blocker

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions