This repository was archived by the owner on Jun 13, 2024. It is now read-only.
This repository was archived by the owner on Jun 13, 2024. It is now read-only.
zip_slip #42
Description
The Entry name is not verified when extracting the zip file in the deployEntry method in the ThreadClientUpdate.java file. As a result, when extracting a maliciously constructed zip file("../" in entry name) from an attacker, it may overwrite sensitive files in the system.
