Path Traversal in rust-compress/rc-zip


Reported on

Feb 7th 2021

:book: Description

rc-zip is a pure Rust library for zip & zip64 reading and writing. This package is vulnerable to zip-slip.

:recycle: Steps To Reproduce

  1. download and run latest release from
  2. run by
git clone
cargo build samples/jean/src/
then run by ./target/debug/jean unzip

:telescope: POC


💥 Impact

Arbitrary file overwrite.
