Zip Slip vulnerability affects thousands of projects

Share this…


An arbitrary file-overwrite vulnerability affects a large number of projects, researchers reveal.

The flaw, known as Zip Slip by information security training experts that have analyzed it, has already been seen in the past, but never on a scale as large as now.

Zip Slip is some kind of transversal directory that can be used by extracting files from other folders, the premise of this vulnerability is that the attacker can access parts of the system archives outside of the folders where they reside, explain specialists in information security training. The vulnerability is exploited using a specially designed folder that contains transversal directory file names, to exploit this the attacker only requires malicious files and extraction codes without validation checking.

Creating these malicious files is easy with the right tools, researchers say, and vulnerable libraries and code snippets are abundant.

Developers are not security experts; they usually focus on delivering the code on time and therefore can easily miss security failures, even if the practice is known, reports the International Institute of Cyber Security.

With so many resources at their disposal, developers rely too much on shared libraries and copying-pasting code extracted from social networks like StackOverflow to keep their work constant, this accelerates their processes, but it also means that the vulnerability expands much faster, as is the case of Zip Slip.

How widespread is this vulnerability?

The Zip Slip vulnerability can affect many archive formats.

It has been found in many repositories in many ecosystems (Java, JavaScript, Ruby) and libraries on which thousands of applications depend. It is especially common in Java because there is no central library that offers a high level of file processing, researchers found, so developers had to write their own code or use code sharing.

No reports have been filed on hackers exploiting the vulnerability, although there are tools that can be used to facilitate an attack.

“Detecting a system that has already been compromised is very difficult, as the result of the exploit is simply reflected as files in the system,” commented the specialists.

Vulnerability detection tools can identify attacks as they occur by inspecting compressed files and other files introduced to the network from different sources, examining the files listed on them and marking any files that refer to external folders.