Open-Source Security: Zip Slip Critical Flaw Hits Thousands of Projects. Update Now


Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle, LinkedIn, Twitter and others.

As Snyk explains, some ecosystems, such as Java, don’t provide a central software library for fully unpacking archive files, leading developers to write their own code snippets to enable that functionality.

Snyk has published a list on GitHub of affected archive processing libraries for Java, .NET, Oracle, Apache, Ruby, and Go software.

Read more at ZDNet