Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SSZipArchive 后置链接漏洞
Vulnerability Description
SSZipArchive是ZipArchive开源的一个简单的实用程序类。用于在 iOS、macOS 和 tvOS 上压缩和解压缩文件。 SSZipArchive 2.5.3及以前版本存在安全漏洞,该漏洞源于其缺乏对符号链接路径的消毒导致当受害者打开一个包含符号链接作为第一项的恶意ZIP时,SSZipArchive将覆盖文件系统上的文件导致任意文件写入。
CVSS Information
N/A
Vulnerability Type
N/A