CVE-2021-32825

Name of the Vulnerable Software and Affected Versions bblfshd versions before commit 4265465b9b6fb5663c30ee43806126012066aad4

Description The issue is related to a "zipslip" vulnerability in the unpacking routine, which may allow attackers to read and/or write to arbitrary locations outside the designated target folder due to the unsafe handling of symbolic links. This can lead to arbitrary file write with the same permissions as the program running the unpack operation if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, they may be able to read arbitrary system files that the parent process has permissions to read.

Recommendations For versions before commit 4265465b9b6fb5663c30ee43806126012066aad4, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the unpacking routine to minimize the risk of exploitation. Avoid using the vulnerable unpacking functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.