CVE-2018-25046: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

December 28, 2022 (updated February 7, 2023)

Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

References

github.com/advisories/GHSA-32qh-8vg6-9g43
github.com/cloudfoundry/archiver/commit/09b5706aa9367972c09144a450bb4523049ee840
nvd.nist.gov/vuln/detail/CVE-2018-25046
pkg.go.dev/vuln/GO-2020-0025
snyk.io/research/zip-slip-vulnerability

Code Behaviors & Features

Detect and mitigate CVE-2018-25046 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →