Apache
/
maven
mirror of https://github.com/apache/maven.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[MNG-6942] Arbitrary file write during archive extraction ("Zip Slip") in wrapper

This commit is contained in:
rfscholte 2020-06-20 12:59:22 +02:00
parent d35573e06c
commit 101caea3c3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java
View File

@ -211,7 +211,7 @@ public class Installer
continue; continue;
} }
Path targetFile = dest.resolve( entry.getName() ); Path targetFile = dest.resolve( entry.getName() ).normalize();
// prevent Zip Slip // prevent Zip Slip
if ( targetFile.startsWith( dest ) ) if ( targetFile.startsWith( dest ) )