7 lines
572 B
Plaintext
7 lines
572 B
Plaintext
Zip slip is a special case of path injection. It occurs when an application uses the name of an archive entry to construct a file path and access this file without validating its path first.
|
|
|
|
This rule will consider all archives untrusted, assuming they have been created outside the application file system.
|
|
|
|
A user with malicious intent would inject specially crafted values, such as ``++../++``, in the archive entry name to change the initial intended path. The resulting path would resolve somewhere in the filesystem where the user should not normally have access.
|
|
|