[Security] Zip slip / path traversal in tar extraction #19

@unrealandychan

Description

Both upload and fetch routes extract user-supplied .tgz archives with strip: 1 but no path validation. A crafted archive can escape the extraction directory.

Fix

Add an onentry callback to verify each resolved path stays inside the target directory.
