Zip Slip Vulnerability (Arbitrary file write through archive extraction)

Zip Slip

Zip Slip is a widespread critical archive extraction vulnerability, allowing attackers to write arbitrary files on the system, typically resulting in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team ahead of a public disclosure on 5th June 2018, and affects thousands of projects, including ones from HP, Amazon, Apache, Pivotal and many more. This page provides the most up-to-date fix statuses for the libraries and projects that were found to be exploitable or contain a vulnerable implementation.

For more information on the technical details of Zip Slip, read http://snyk.io/research/zip-slip-vulnerability.

The vulnerability has been found in multiple ecosystems, including JavaScript, Ruby, .NET and Go, but is especially prevalent in Java, where there is no central library offering high-level processing of archive (e.g. zip) files. The lack of such a library led to vulnerable code snippets being hand-crafted and shared among developer communities such as StackOverflow.

The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.sh). The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z.

Here is a vulnerable code example showing a ZipEntry path being concatenated to a destination directory without any path validation. Code similar to this has been found in many repositories across many ecosystems, including libraries which thousands of applications depend on.

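   Enumeration<ZipEntry> entries = zip.getEntries();
   while (entries.hasMoreElements()) {
      ZipEntry e = entries.nextElement();
      // VULNERABLE: the entry name comes from the archive and is joined to the
      // destination directory without checking that the result stays inside it.
      File f = new File(destinationDir, e.getName());
      InputStream input = zip.getInputStream(e);
      IOUtils.copy(input, write(f));
   }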

If you find a library or project that contains similar vulnerable code, we ask for your contribution to this repository to provide the community with the most up to date information about the Zip Slip vulnerability. To contribute, please refer to our CONTRIBUTING.md file.

Affected Libraries

Many of the affected libraries below exist because their ecosystems lack high-level APIs providing basic archive management capabilities, which results in vulnerable code being shared and reused. The following table lists the vulnerable libraries we found during the private disclosure of Zip Slip; we aim to keep it up to date, with community support, as more vulnerable libraries are discovered. Libraries that do not provide a high-level API often lead to vulnerable implementations as well, either through people copying and pasting vulnerable private code or through people writing their own vulnerable snippets.

| Vendor | Product | Language | Confirmed vulnerable | Fixed Version | CVE | Fixed |
|---|---|---|---|---|---|---|
| npm library | unzipper | JavaScript | YES | 0.8.13 | CVE-2018-1002203 | 17/4/2018 |
| npm library | adm-zip | JavaScript | YES | 0.4.9 | CVE-2018-1002204 | 23/4/2018 |
| Java library | codehaus/plexus-archiver | Java | YES | 3.6.0 | CVE-2018-1002200 | 6/5/2018 |
| Java library | zeroturnaround/zt-zip | Java | YES | 1.13 | CVE-2018-1002201 | 26/4/2018 |
| Java library | zip4j | Java | YES | 1.3.3 | CVE-2018-1002202 | 13/6/2018 |
| .NET library | DotNetZip.Semverd | .NET | YES | 1.11.0 | CVE-2018-1002205 | 7/5/2018 |
| .NET library | SharpCompress | .NET | YES | 0.21.0 | CVE-2018-1002206 | 2/5/2018 |
| Go library | mholt/archiver | Go | YES | N/A | CVE-2019-10743 | |
| Oracle | java.util.zip | Java | * No High Level API | Documentation Fix | N/A | |
| Apache | commons-compress | Java | * No High Level API | Documentation Fix | N/A | 23/4/2018 |
| .NET library | SharpZipLib | .NET | YES | v1.0.0 | CVE-2018-1002208 | 19/8/2018 |
| Ruby gem | zip-ruby | Ruby | * No High Level API | | N/A | |
| Ruby gem | rubyzip | Ruby | YES | | CVE-2018-1000544 | |
| Ruby gem | zipruby | Ruby | * No High Level API | | N/A | |
| Go library | archive | Go | * No High Level API | | N/A | |
| Python library | tarfile | Python | YES | | N/A | |
| C++/qt library | quazip | C++ | YES | 0.7.6 | CVE-2018-1002209 | 12/6/2018 |
| Clojure library | Raynes/fs | Clojure | YES | akvo/fs 20180618-134534.a44cdd5b | N/A | 18/6/2018 |
| Go library | cloudfoundry/archiver | Go | YES | 24/5/2018 | N/A | 24/5/2018 |
| PHP library | chumper/zipper | PHP | YES | 1.0.3 | N/A | 26/2/2020 |
| Perl library | libarchive-zip-perl | Perl | YES | | CVE-2018-10860 | |

Projects Affected and Fixed

The following projects contain vulnerable code. Please add to this list as you find projects that are vulnerable to Zip Slip, or if you have further information about a project's fix status.

| Vendor | Product | Fixed date | Fixed version | CVE | Vulnerable Code |
|---|---|---|---|---|---|
| Apache Storm | Storm | 2/5/2018 | 1.1.3, 1.2.2 | CVE-2018-8008 | #1 #2 #3 #4 |
| Apache Software Foundation | Apache Hadoop | 30/5/2018 #1 #2 | 2.7.7, 2.8.5, 2.9.2, 3.0.3, 3.1.1 | CVE-2018-8009 | |
| Apache | Maven | | | | |
| Apache | Ant | 21/4/2018 | 1.9.12 | CVE-2018-10886 | |
| Pivotal | spring-integration-zip | 3/5/2018 | 1.0.1 | CVE-2018-1261 | |
| Pivotal | spring-integration-zip | 10/5/2018 | 1.0.2 | CVE-2018-1263 | |
| HP | Fortify Cloud Scan Jenkins Plugin | 27/4/2018 | 1.5.2 | | #1 |
| OWASP | DependencyCheck | 7/5/2018 | 3.2.0 | CVE-2018-12036 | |
| Amazon | AWS Toolkit for Eclipse | 31/5/2018 | | | |
| SonarSource | SonarQube | 4/5/2018 | 6.7.4 LTS, 7.2 | | #1 |
| Cinchapi | Concourse | 30/5/2018 | | | #1 |
| Orient Technologies | OrientDB | 31/5/2018 | | | #1 #2 |
| FenixEdu | Academic | 30/5/2018 | | | #1 |
| Lucee | Lucee | 5/6/2018 | 5.2.7.63, 5.2.8.47 | | #1 |
| groovy-common-extensions | groovy-common-extensions | 3/7/2018 | 0.7.1 | | #1 |
| fabric8 | fabric8 | 5/6/2018 | 2.2.170-85 | | #1 |
| Apache | Tika | 19/9/2018 | 1.19 | | |
| Apache | DeepLearning4J | 10/24/2018 | 1.0.0-SNAPSHOT | | |
| FireGiant | WiX Toolkit | 09/19/2019 | 3.11.2 | CVE-2019-16511 | |

Defensively fixed but deemed not exploitable

For some projects, the maintainers confirmed that their implementation code was not vulnerable to Zip Slip. However, they decided to remove or fix the implementation so that the snippets could not be copied in the future and become vulnerable elsewhere.

| Vendor | Product | Vulnerable Code Removed | Vulnerable Code |
|---|---|---|---|
| Apache | Kylin | 24/4/2018 | #1 |
| Apache | NiFi | 24/4/2018 | #1 |
| Apache | Geode | 20/4/2018 | |
| Jenkins | Jenkins CI | 5/5/2018 | #1 |
| Elastic | ElasticSearch | 10/5/2018 | #1 |
| LinkedIn | Pinot | 22/5/2018 | #1 |
| AnkiDroid | Anki-Droid | 31/5/2018 | #1 |
| ata4 | bspsrc | 30/5/2018 | #1 |
| eirslett | frontend-maven-plugin | 30/5/2018 | #1 #2 |

Deemed not exploitable by the maintainer (vulnerable implementation remains)

The final list covers projects with snippets of code that still have a vulnerable implementation but are not exploitable. It is believed that it would not be possible to attack these projects in a way that could lead to a malicious outcome, but the vulnerable code pattern still exists within the code base. We strongly encourage such projects to fix the implementation, both to prevent its use through other functionality and to prevent its use in other projects that copy and paste snippets.

| Vendor | Product | Vulnerable Code |
|---|---|---|
| JetBrains | Intellij-community | #1 |
| Apache | Apex | #1 |
| Apache | Zeppelin | #1 |
| Apache | Reef | #1 |
| Apache | BookKeeper | #1 |
| Apache | Pulsar | #1 |
| Apache | Heron | #1 |
| Apache | Gobblin | #1 |
| Apache | Gobblin | #1 |
| Apache | SystemML | #1 |
| Gradle | Gradle | #1 |
| Gradle | Gradle | #1 |
| Gradle | Gradle | #1 |
| plasma-umass | doppio | #1 |
| streamsets | DataCollector | #1 |

For more information on Zip Slip, go to http://snyk.io/research/zip-slip-vulnerability.
