Open-Source Security: Zip Slip Critical Flaw Hits Thousands of Projects. Update Now
Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle, LinkedIn, Twitter and others.
As Snyk explains, some ecosystems, such as Java, don't provide a central software library for fully unpacking archive files, leading developers to write their own code snippets to enable that functionality.
Snyk has published a list on GitHub of affected archive processing libraries for Java, .NET, Oracle, Apache, Ruby, and Go software.
Read more at ZDNet