Headline
CVE-2023-40828: Add security checks to prevent directory traversal when decompressing… by afeng2016-s · Pull Request #537 · pf4j/pf4j
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
This is a PR submission for #536.
To verify that there is a directory traversal risk when unzipping the zip file, I tested in FileUtilsTest.java.
1. Using the zipslip vulnerability, create a zip file. Save the created zip file in the D:/code/pf4j directory; if you do not have this path on your computer's D drive, create it.
2. Next, call the expandIfZip or loadPluginFromPath method to extract the zip file to the root directory of disk D of the computer.
3. To prevent path crossing problems caused by unsafe input, I recommend adding checks to the extract() method.
After adding the check, an exception is thrown when there is a malicious file name.
Sorry, commits/c1b03c92c03cc42ef7d197d962acd785bbea60dd is wrong; the repair plan provided in commits/ed9392069fe14c6c30d9f876710e5ad40f7ea8c1 is correct.