rc-zip

vulnerability zip-slip
severity 7.3
language rust
registry other

:book: Description

rc-zip is a pure Rust library for reading and writing zip and zip64 archives. This package is vulnerable to zip-slip: entry names taken from an archive are used as extraction paths without being confined to the output directory, so an archive whose entry name contains `../` components (or is absolute) can make the extractor write outside the directory the user chose.

https://github.com/rust-compress/rc-zip https://crates.io/crates/rc-zip

:recycle: Steps To Reproduce

  1. Fetch the latest source of rc-zip and build the `jean` sample (it lives under `samples/jean` and drives the library's extraction path); the build invocation below assumes the sample has its own Cargo.toml there:
git clone https://github.com/rust-compress/rc-zip
cd rc-zip
cargo build --manifest-path samples/jean/Cargo.toml
  2. Extract the crafted archive with the built sample:
./target/debug/jean unzip slip.zip

slip.zip (attached proof-of-concept archive)

:telescope: POC

poc.png (attached screenshot of the extraction)

💥 Impact

Arbitrary file overwrite outside the extraction directory: a crafted archive extracted with the vulnerable code can create or replace any file the extracting user has write access to.
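The check that closes this class of bug, as an added example that is not code from rc-zip or from the reporter: rebuild each entry's target path component by component and refuse anything that is not a plain file-name component. It places the vulnerable pattern (`dest.join(entry_name)`) next to the hardened one, runs both over a constructed list of entry names (not the contents of the reporter's slip.zip), and shows why a lexical `starts_with` test on the naive result is not a sufficient fix. The destination path `/tmp/extract` and the function names are assumptions for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// The pattern that makes an extractor vulnerable to zip-slip: the entry name
/// from the archive is joined onto the output directory as-is. `Path::join`
/// keeps `..` components and lets an absolute name replace the destination
/// entirely, so the archive author decides where the bytes land.
pub fn naive_join(dest: &Path, entry_name: &str) -> PathBuf {
    dest.join(entry_name)
}

/// Hardened variant: rebuild the target path one component at a time and
/// return `None` for any name that would escape `dest` (absolute paths,
/// drive prefixes, any `..`), is empty, or contains a NUL byte (which the
/// OS path API would truncate at, changing the effective file name).
pub fn safe_extract_path(dest: &Path, entry_name: &str) -> Option<PathBuf> {
    if entry_name.is_empty() || entry_name.contains('\0') {
        return None;
    }
    // Zip names are '/'-separated, but some writers emit '\'. Treat both as
    // separators so "..\\..\\x" is not mistaken for a single file name on Unix.
    let normalized = entry_name.replace('\\', "/");
    let mut out = dest.to_path_buf();
    for comp in Path::new(&normalized).components() {
        match comp {
            Component::Normal(c) => out.push(c),
            Component::CurDir => {}
            Component::RootDir | Component::Prefix(_) | Component::ParentDir => return None,
        }
    }
    // Defense in depth: after rebuilding, the result must still sit under `dest`.
    if out.starts_with(dest) {
        Some(out)
    } else {
        None
    }
}

/// Constructed entry names standing in for the central directory of a
/// crafted archive (hypothetical sample data, not the reporter's slip.zip).
pub const SAMPLE_ENTRIES: &[&str] = &[
    "docs/readme.txt",
    "./images/logo.png",
    "../../../tmp/owned.txt",
    "/etc/passwd",
    "..\\..\\windows\\win.ini",
    "legit/../../escape.txt",
];

/// Split entries into (accepted target paths, rejected entry names).
pub fn triage_entries(dest: &Path, names: &[&str]) -> (Vec<PathBuf>, Vec<String>) {
    let mut accepted = Vec::new();
    let mut rejected = Vec::new();
    for name in names {
        match safe_extract_path(dest, name) {
            Some(p) => accepted.push(p),
            None => rejected.push(name.to_string()),
        }
    }
    (accepted, rejected)
}

fn main() {
    let dest = Path::new("/tmp/extract");
    let (accepted, rejected) = triage_entries(dest, SAMPLE_ENTRIES);
    for p in &accepted {
        println!("write   {}", p.display());
    }
    for n in &rejected {
        println!(
            "REJECT  {:?}  (naive join would have written {})",
            n,
            naive_join(dest, n).display()
        );
    }
}
```

Rejecting every `..` component, rather than trying to cancel `a/../b` into `b`, is deliberate: there is no legitimate reason for an archive entry to contain a parent reference, and refusing outright avoids having to reason about which normalization the filesystem will apply. Note that `naive_join(dest, "../x").starts_with(dest)` is true because `Path::starts_with` compares components lexically and does not resolve `..`, which is why a post-hoc prefix check on the naively joined path does not fix zip-slip.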