Security company Snyk has disclosed a vulnerability affecting applications that extract archived files, which may be exploited to extract malicious programs to a target system.
The vulnerability lets an attacker place a malicious program inside an archive so that it masquerades as an executable the targeted web application will run. When building the .zip or similar archive, the attacker sets the entry's path so that, on extraction, the malicious program overwrites the executable being targeted.
The vulnerability is exploited using a specially crafted archive that contains directory-traversal filenames (e.g. ../../evil.sh), which the extracting code writes outside its intended output directory. The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar, and 7z.
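The check a defender wants at the extraction step, as an added example that is not from the Snyk write-up or this article: every entry name is joined under the destination directory and the resolved path must stay inside it; entries that escape are skipped and reported rather than written. The archive is constructed in memory for the demonstration and contains one benign entry plus a `../../evil.sh` entry of the kind described above.

```python
import io
import os
import tempfile
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive (not from any real incident): one benign
    entry and one entry whose name walks out of the extraction root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/readme.txt", "benign content\n")
        zf.writestr("../../evil.sh", "#!/bin/sh\necho constructed sample\n")
    return buf.getvalue()


def is_within(root: str, candidate: str) -> bool:
    """True only if candidate resolves to root itself or somewhere below it."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(candidate)
    return candidate == root or candidate.startswith(root + os.sep)


def safe_extract(zip_bytes: bytes, dest: str) -> dict:
    """Extract entries that stay under dest; skip and report the rest.
    A rejected entry is a strong signal of a crafted archive and is
    worth logging or alerting on."""
    result = {"extracted": [], "rejected": []}
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            # Reject absolute names and anything that resolves outside dest.
            if os.path.isabs(info.filename) or not is_within(dest, target):
                result["rejected"].append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            result["extracted"].append(info.filename)
    return result


def demo() -> dict:
    """Run the sample archive through safe_extract in a throwaway directory."""
    with tempfile.TemporaryDirectory() as d:
        return safe_extract(build_sample_zip(), d)


if __name__ == "__main__":
    print(demo())
```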
“The lack of such a library led to vulnerable code snippets being hand-crafted and shared among developer communities such as StackOverflow,” said Snyk.