Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[LOTP] Add unzip #34

Open
fproulx-boostsecurity opened this issue Jul 17, 2024 · 0 comments
Open

[LOTP] Add unzip #34

fproulx-boostsecurity opened this issue Jul 17, 2024 · 0 comments
Assignees
@Talgarr
Labels
good first issue Good for newcomers idea

Comments

@fproulx-boostsecurity
Copy link
Contributor

Description of the LOTP tool

unzip is a common UNIX utility to decompression *.zip files

zipslip

When used with certain flags it can lead to zip slip (https://security.snyk.io/research/zip-slip-vulnerability)

As documented in man page (https://linux.die.net/man/1/unzip), the -: flag disables security feature added since the early 2000s that would disallow extracting ../ relative paths
@fproulx-boostsecurity fproulx-boostsecurity added the good first issue Good for newcomers label Nov 19, 2024
@Talgarr Talgarr self-assigned this Feb 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Talgarr Talgarr

Labels
good first issue Good for newcomers idea
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Talgarr @fproulx-boostsecurity