Open
Description
A vulnerability related to ZIP file handling has been discovered in the Jodd library. It allows attackers to exploit specially crafted high-compression ZIP files to consume a large amount of system space. A large amount of repetitive data (such as all-zero files) can be significantly compressed into a very small file when using ZIP compression. The ZIP_DEFLATED compression algorithm compresses empty data very efficiently, so even if the original file is large, the resulting ZIP file can remain very small.
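A bounded read of an untrusted archive, as an added example that is not part of the original report and is not Jodd code. It is a Python sketch on the standard `zipfile` module; the limits and the names `read_archive_bounded`, `ArchiveRejected` and `build_sample` are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1024 * 1024  # assumed budget for all entries together
MAX_RATIO = 100                # assumed ceiling on uncompressed/compressed size
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    """Raised when an archive would inflate past the configured budget."""


def read_archive_bounded(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Return {name: bytes} for a ZIP held in memory, or raise ArchiveRejected."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Early exit on the sizes the archive declares about itself.
            # These values are attacker-supplied, so this is not the only check.
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveRejected(f"{info.filename}: declared ratio too high")
            buf = io.BytesIO()
            with zf.open(info) as src:
                while chunk := src.read(CHUNK):
                    total += len(chunk)
                    # Enforcement point: count bytes actually inflated and
                    # stop before they are buffered or written anywhere.
                    if total > max_total:
                        raise ArchiveRejected(
                            f"{info.filename}: output exceeds {max_total} bytes")
                    buf.write(chunk)
            out[info.filename] = buf.getvalue()
    return out


def build_sample(payload, name="sample.bin"):
    """Constructed test input: a single entry stored with ZIP_DEFLATED."""
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return mem.getvalue()


if __name__ == "__main__":
    try:
        read_archive_bounded(build_sample(bytes(4 * 1024 * 1024)))
    except ArchiveRejected as exc:
        print("rejected:", exc)
```

The running byte counter is the check that matters, because it holds even when the declared sizes in the archive are not trustworthy.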