ZDNet

Open-source security: Zip Slip critical flaw hits thousands of projects. Update now

Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle ...
Threat Post

Zip Slip Flaw Affects Thousands of Open-Source Projects

An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine. A known critical vulnerability has ...