Ericsson · Stdlib · CVE-2025-4748
**Name of the Vulnerable Software and Affected Versions**
Erlang/OTP (Ericsson), `stdlib` application, `zip` module. The versions listed by the advisory are the fixed releases; everything earlier on each branch is affected:
Erlang/OTP 17.0 through 28.0 (fixed in OTP 28.0.1)
Erlang/OTP 27 maintenance branch (fixed in OTP 27.3.4.1)
Erlang/OTP 26 maintenance branch (fixed in OTP 26.2.5.13)
stdlib 2.0 through 7.0 (fixed in stdlib 7.0.1)
stdlib 6 maintenance branch (fixed in stdlib 6.2.2.1)
stdlib 5 maintenance branch (fixed in stdlib 5.2.3.4)
**Description**
Absolute path traversal in the `zip` module of Erlang/OTP's `stdlib` (`lib/stdlib/src/zip.erl`). A crafted archive whose member names are absolute paths (for example `/etc/cron.d/job`) causes `zip:unzip/1`, `zip:unzip/2`, `zip:extract/1` and `zip:extract/2` to write those members at the absolute location instead of below the destination directory, because the destination (the process's working directory or the `{cwd, Dir}` option) only anchors relative names. The result is arbitrary file creation or overwrite with the privileges of the extracting process (file manipulation). Extraction with the `memory` option is not affected, since no files are written in that mode; the caller receives `{Name, Binary}` pairs and decides where, if anywhere, they land.
**Recommendations**
Upgrade to a fixed release: OTP 28.0.1, OTP 27.3.4.1 or OTP 26.2.5.13 (stdlib 7.0.1, 6.2.2.1 or 5.2.3.4 respectively). Check the running version with `application:get_key(stdlib, vsn)` or `erlang:system_info(otp_release)` before assuming a node is patched.
Until the upgrade is deployed, do not hand archives from untrusted sources (uploads, fetched packages, mailbox attachments) to `zip:unzip/1,2` or `zip:extract/1,2` in file-writing mode. Either extract with the `memory` option and write each entry yourself after validating its name, or inspect the archive with `zip:list_dir/1` first and refuse any member whose name is not a plain relative path (absolute names, Windows volume-relative names, or `..` components).
Do not rely on `{cwd, Dir}` alone as a mitigation: on unpatched versions it sets where relative members are written but does not constrain absolute member names.
Reduce blast radius regardless of version: run extraction in a process with a dedicated, unprivileged OS user and a purpose-made destination directory, so that a successful traversal cannot reach configuration, cron, or code directories.
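The pre-check described above, written out as a small wrapper module. This is an added example for this page, not code from Erlang/OTP; the module and function names (`safe_unzip`, `unsafe_entries/1`, `extract/2`) are this example's own choices. It uses only the documented `zip:list_dir/1`, `zip:unzip/2` and `filename` APIs, and reads the archive into a binary once so the same bytes are checked and extracted.

```erlang
%% safe_unzip.erl
%% Added example for this advisory; not part of Erlang/OTP. It wraps the
%% stdlib zip API with a member-name check so that archives containing
%% absolute paths or ".." components are rejected before anything is written.
-module(safe_unzip).
-export([unsafe_entries/1, extract/2]).

%% #zip_file{} and #zip_comment{} records as returned by zip:list_dir/1.
-include_lib("stdlib/include/zip.hrl").

%% A member name is acceptable only if it is relative and never steps
%% upward. filename:pathtype/1 classifies "/etc/passwd" as absolute and
%% Windows names such as "\foo" or "C:foo" as volumerelative, so both are
%% rejected by the =:= relative test; the split/member test catches "..".
-spec is_safe_name(file:name()) -> boolean().
is_safe_name(Name) ->
    filename:pathtype(Name) =:= relative
        andalso not lists:member("..", filename:split(Name)).

%% Return the member names that would escape the destination directory.
%% Archive may be a path or the archive contents as a binary, exactly as
%% zip:list_dir/1 accepts it. Comment records are skipped by the pattern.
-spec unsafe_entries(file:name() | binary()) ->
          {ok, [file:name()]} | {error, term()}.
unsafe_entries(Archive) ->
    case zip:list_dir(Archive) of
        {ok, Entries} ->
            Names = [Name || #zip_file{name = Name} <- Entries],
            {ok, [N || N <- Names, not is_safe_name(N)]};
        {error, _} = Err ->
            Err
    end.

%% Extract ArchivePath below Dest. The archive is read once and the same
%% binary is passed to both the check and zip:unzip/2, so the file on disk
%% cannot be swapped between the two steps. Any unsafe member rejects the
%% whole archive and nothing is written; the offending names are returned
%% so they can be logged.
-spec extract(file:name(), file:name()) ->
          {ok, [file:name()]} | {error, term()}.
extract(ArchivePath, Dest) ->
    case file:read_file(ArchivePath) of
        {ok, Bin} ->
            case unsafe_entries(Bin) of
                {ok, []}         -> zip:unzip(Bin, [{cwd, Dest}]);
                {ok, Bad}        -> {error, {unsafe_entries, Bad}};
                {error, _} = Err -> Err
            end;
        {error, Reason} ->
            {error, {read_file, Reason}}
    end.
```

Call it as `safe_unzip:extract("upload.zip", "/srv/app/extract/42")`; a clean archive returns `{ok, WrittenPaths}` from `zip:unzip/2`, while an archive with a member named `/etc/cron.d/job` returns `{error, {unsafe_entries, ["/etc/cron.d/job"]}}` without touching the filesystem. The wrapper is a mitigation for the file-writing functions only; it does not replace the upgrade, and it deliberately rejects the whole archive rather than silently dropping bad members, since a partially extracted upload is usually harder to reason about than a refused one.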