PT-2020-21110 · Unknown · Decompress-Zip

Published 2020-09-02 · Updated 2020-09-02

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

decompress-zip versions 0.2.x through 0.2.1

decompress-zip versions 0.3.x through 0.3.1

Description

The issue is an arbitrary file write vulnerability, known as Zip-Slip, which occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory.

Recommendations

For decompress-zip versions 0.2.x, upgrade to 0.2.2 or later. For decompress-zip versions 0.3.x, upgrade to 0.3.2 or later.
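
The containment check that the description says is missing, as an added example (not decompress-zip's own code and not its actual fix): resolve each entry name against the extraction root and reject any entry that lands outside it. The names `safeEntryPath` and `auditEntries`, the root `/tmp/extract-root` and the sample entry names are hypothetical and constructed for illustration.

```javascript
const path = require('path');

// Hypothetical helper (not part of decompress-zip): return the destination
// path for an archive entry, or throw if it would leave extractRoot.
function safeEntryPath(extractRoot, entryName) {
  const root = path.resolve(extractRoot);
  // Zip entry names use '/', but some tools emit '\'. Normalise so that
  // "..\x" is treated as traversal on every platform.
  const normalised = entryName.replace(/\\/g, '/');
  const target = path.resolve(root, normalised);
  // path.relative() is the route from root to target. A leading ".."
  // segment (or an absolute result on Windows) means target is outside.
  const rel = path.relative(root, target);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  // rel === '' means the entry resolves to the root itself, not a file in it.
  if (rel === '' || escapes) {
    throw new Error(`entry escapes extraction root: ${JSON.stringify(entryName)}`);
  }
  return target;
}

// Split a list of entry names into safe destinations and rejected names.
function auditEntries(extractRoot, entryNames) {
  const accepted = [];
  const rejected = [];
  for (const name of entryNames) {
    try {
      accepted.push(safeEntryPath(extractRoot, name));
    } catch (err) {
      rejected.push(name);
    }
  }
  return { accepted, rejected };
}

// Constructed sample entry names, not taken from a real archive.
const SAMPLE_ENTRIES = [
  'docs/readme.txt',
  'a/../b.txt',          // normalises to a path inside the root
  '..data/ok.txt',       // leading dots in a name are not traversal
  '../outside.txt',
  'x/../../outside.txt',
  '/abs/outside.txt',
  '..\\outside.txt',
];

console.log(auditEntries('/tmp/extract-root', SAMPLE_ENTRIES));
```

This validates entry names only; symlink entries inside an archive need separate handling before any file is written through them.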

Related Identifiers

GHSA-73V8-V6G4-VRPM

Affected Products

Decompress-Zip