Skip to content

JRE provisioning: Harden against Zip bomb attack #2039

New issue
New issue
Open
Open
JRE provisioning: Harden against Zip bomb attack#2039
Labels
Type: Cleanup
@martin-strecker-sonarsource

Description

@martin-strecker-sonarsource
martin-strecker-sonarsource
opened on Jul 10, 2024

The JRE provisioning is vulnerable against zip bomb attacks in the ZipUnpacker and the TarGzUnpacker implementations.
For details see the security hotspot for rule S5042 in ZipUnpacker's use of zipArchive.ExtractToDirectory.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    Type: Cleanup

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions