This CVE seems only to talk about maliciously crafted destination paths, and not maliciously crafted symlinks. Is there a separate CVE for that?
For example, I could extract a symlink `evilEntry.txt => ../../../../etc/password` to `./evilEntry.txt` and then the next entry in the archive could be again `evilEntry.txt`, but this time as a file with the contents `PWNed!`, which would overwrite `/etc/password`.
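A pre-extraction audit for the symlink-then-file sequence described in this issue, as an added example (not code from the project or from the issue author). The `Entry` type, the `audit_entries` function and the sample entries are constructed for illustration, and the check assumes extraction into an empty destination directory.

```python
import posixpath
from typing import NamedTuple, Optional

class Entry(NamedTuple):          # hypothetical, simplified archive entry
    name: str
    kind: str                     # "file", "dir" or "symlink"
    target: Optional[str] = None  # link target, for symlinks only

def _norm(path):
    """Normalise an archive-relative path; None if absolute or leaving the root."""
    path = path.replace("\\", "/")
    if path.startswith("/"):
        return None
    p = posixpath.normpath(path)
    return None if p == ".." or p.startswith("../") else p

def audit_entries(entries):
    """Return (name, reason) for every entry that must not be extracted."""
    symlinks = set()              # normalised paths of symlinks accepted so far
    rejected = []
    for e in entries:
        path = _norm(e.name)
        if path is None:
            rejected.append((e.name, "path escapes destination"))
            continue
        parts = path.split("/")
        prefixes = {"/".join(parts[:i]) for i in range(1, len(parts) + 1)}
        # The entry is, or lies below, a symlink created by an earlier entry.
        if prefixes & symlinks:
            rejected.append((e.name, "writes through earlier symlink"))
            continue
        if e.kind == "symlink":
            # Resolve the target relative to the directory holding the link.
            joined = posixpath.join(posixpath.dirname(path), e.target or "")
            if _norm(joined) is None:
                rejected.append((e.name, "symlink target escapes destination"))
                continue
            symlinks.add(path)
    return rejected

# Constructed sample: the sequence from the issue plus two related cases.
SAMPLE = [
    Entry("evilEntry.txt", "symlink", "../../../../etc/password"),
    Entry("evilEntry.txt", "file"),
    Entry("docs", "symlink", "real_docs"),
    Entry("docs/readme.txt", "file"),
    Entry("../outside.txt", "file"),
]

if __name__ == "__main__":
    for name, reason in audit_entries(SAMPLE):
        print(f"REJECT {name}: {reason}")
```

The check is purely lexical, so an extractor that writes into a non-empty directory also needs to open output files without following symlinks.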