You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2020/06/18 11:47:00 UTC
[jira] [Updated] (MNG-6942) Arbitrary file write during archive
extraction ("Zip Slip") in wrapper
[ https://issues.apache.org/jira/browse/MNG-6942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sylwester Lachiewicz updated MNG-6942:
--------------------------------------
Description:
In Maven Wrapper Installer [https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java]
{code:java}
ZipEntry entry = entries.nextElement();
if ( entry.isDirectory() )
{
continue;
}
Path targetFile = dest.resolve( entry.getName() );
// Unsanitized archive entry, which may contain '..', is used in a file system operation.
// prevent Zip Slip
if ( targetFile.startsWith( dest ) )
{
Files.createDirectories( targetFile.getParent() );
Files.copy( zipFile.getInputStream( entry ), targetFile );
}
{code}
Found via LGTM.com scan
was:
In Maven Wrapper Installer [https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java]
{code:java}
ZipEntry entry = entries.nextElement();
if ( entry.isDirectory() )
{
continue;
}
Path targetFile = dest.resolve( entry.getName() );
// Unsanitized archive entry, which may contain '..', is used in a file system operation.
// prevent Zip Slip
if ( targetFile.startsWith( dest ) )
{
Files.createDirectories( targetFile.getParent() );
Files.copy( zipFile.getInputStream( entry ), targetFile );
}
{code}
> Arbitrary file write during archive extraction ("Zip Slip") in wrapper
> ----------------------------------------------------------------------
>
> Key: MNG-6942
> URL: https://issues.apache.org/jira/browse/MNG-6942
> Project: Maven
> Issue Type: Bug
> Components: maven wrapper
> Affects Versions: 3.7.0
> Reporter: Sylwester Lachiewicz
> Priority: Major
>
> In Maven Wrapper Installer [https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java]
>
> {code:java}
> ZipEntry entry = entries.nextElement();
> if ( entry.isDirectory() )
> {
> continue;
> }
> Path targetFile = dest.resolve( entry.getName() );
> // Unsanitized archive entry, which may contain '..', is used in a file system operation.
> // prevent Zip Slip
> if ( targetFile.startsWith( dest ) )
> {
> Files.createDirectories( targetFile.getParent() );
> Files.copy( zipFile.getInputStream( entry ), targetFile );
> }
> {code}
>
> Found via LGTM.com scan
--
This message was sent by Atlassian Jira
(v8.3.4#803005)