maven-issues mailing list archives

From "Hudson (Jira)" <j...@apache.org>
Subject [jira] [Commented] (MNG-6942) Arbitrary file write during archive extraction ("Zip Slip") in wrapper
Date Sun, 08 Nov 2020 16:16:03 GMT

    [ https://issues.apache.org/jira/browse/MNG-6942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17228040#comment-17228040 ]

Hudson commented on MNG-6942:
-----------------------------

Build succeeded in Jenkins: Maven » Maven TLP » maven » MNG-6169/MNG-6553 #14

See https://ci-builds.apache.org/job/Maven/job/maven-box/job/maven/job/MNG-6169%252FMNG-6553/14/

> Arbitrary file write during archive extraction ("Zip Slip") in wrapper
> ----------------------------------------------------------------------
>
>                 Key: MNG-6942
>                 URL: https://issues.apache.org/jira/browse/MNG-6942
>             Project: Maven
>          Issue Type: Bug
>          Components: maven wrapper
>    Affects Versions: 3.7.0
>            Reporter: Sylwester Lachiewicz
>            Assignee: Robert Scholte
>            Priority: Major
>             Fix For: 3.7.0
>
>
> In Maven Wrapper Installer [https://github.com/apache/maven/blob/ef8c95eb397651e10f677763dfcd9c8cea7c27b0/maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java]
>   
> {code:java}
> ZipEntry entry = entries.nextElement();
> if ( entry.isDirectory() )
> {
>     continue;
> }
> Path targetFile = dest.resolve( entry.getName() );
> // Unsanitized archive entry, which may contain '..', is used in a file system operation.
> // prevent Zip Slip
> if ( targetFile.startsWith( dest ) )
> {
>     Files.createDirectories( targetFile.getParent() );
>     Files.copy( zipFile.getInputStream( entry ), targetFile );
> }
> {code}
>
> Found via LGTM.com scan



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
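The check quoted in the issue compares the resolved entry path against the destination with `startsWith` but never normalizes it, so a name containing `..` still begins with the destination's path elements. The following is an added example, not code from Maven or the wrapper, that places that check beside a normalized variant and runs both over constructed entry names; the destination directory and entry names are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example (not Maven's code): the unnormalized startsWith check quoted in
 * MNG-6942 next to a variant that folds ".." segments away before comparing.
 */
public final class ZipSlipCheck
{
    /** The check as quoted in the issue: resolve, then compare without normalizing. */
    static boolean unnormalizedCheck( Path dest, String entryName )
    {
        Path targetFile = dest.resolve( entryName );
        // Path.startsWith compares name elements, so "dest/../../x" still starts with "dest".
        return targetFile.startsWith( dest );
    }

    /** Hardened variant: normalize both sides so ".." cannot keep the dest prefix. */
    static boolean normalizedCheck( Path dest, String entryName )
    {
        Path base = dest.toAbsolutePath().normalize();
        Path targetFile = base.resolve( entryName ).normalize();
        return targetFile.startsWith( base );
    }

    public static void main( String[] args )
    {
        // Constructed destination directory and archive entry names (assumptions).
        Path dest = Paths.get( "/tmp/maven-wrapper-dest" );
        String[] names = { "apache-maven/bin/mvn", "../../etc/passwd", "sub/../../escaped" };
        for ( String name : names )
        {
            System.out.printf( "%-24s unnormalized=%-5b normalized=%b%n", name,
                unnormalizedCheck( dest, name ), normalizedCheck( dest, name ) );
        }
    }
}
```

The two traversal names pass the unnormalized check and fail the normalized one; only the in-tree entry passes both.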
