Posted to commits@maven.apache.org by rf...@apache.org on 2020/06/20 12:03:03 UTC
[maven] branch master updated: [MNG-6942] Arbitrary file write
during archive extraction ("Zip Slip") in wrapper
This is an automated email from the ASF dual-hosted git repository.
rfscholte pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven.git
The following commit(s) were added to refs/heads/master by this push:
new 954cd81 [MNG-6942] Arbitrary file write during archive extraction ("Zip Slip") in wrapper
954cd81 is described below
commit 954cd81c9b1ab96306950c53a723eb959f3da311
Author: rfscholte <rf...@apache.org>
AuthorDate: Sat Jun 20 12:59:22 2020 +0200
[MNG-6942] Arbitrary file write during archive extraction ("Zip Slip") in wrapper
---
maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java b/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java
index f763de3..3a0b46f 100644
--- a/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java
+++ b/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java
@@ -211,7 +211,7 @@ public class Installer
continue;
}
- Path targetFile = dest.resolve( entry.getName() );
+ Path targetFile = dest.resolve( entry.getName() ).normalize();
// prevent Zip Slip
if ( targetFile.startsWith( dest ) )
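Review bot: The containment check on the `if ( targetFile.startsWith( dest ) )` line now compares a normalized `targetFile` against `dest` exactly as it was passed in, and `Path.startsWith` compares name elements without collapsing `.` or `..`. If `dest` can arrive here in non-normalized form (its origin is outside the hunk, so this needs confirming), legitimate entries would fail the check; normalizing it once before the loop, e.g. `Path destDir = dest.normalize();`, and using `destDir` for both `resolve` and `startsWith` keeps the two sides in the same form. The `// prevent Zip Slip` comment could also record why the call is needed, e.g. `// normalize first: Path.startsWith compares name elements and does not collapse ".."`. The branch taken when the check fails is outside the hunk; if it skips the entry silently, logging or throwing there would make a rejected archive visible to the user.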