Open-Source Security: Zip Slip Critical Flaw Hits Thousands of Projects. Update Now

Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle, LinkedIn, Twitter and others.

As Snyk explains, some ecosystems, such as Java, don’t provide a central software library for fully unpacking archive files, leading developers to write their own code snippets to enable that functionality.
