Vulnerability Information
Vulnerability Title
Zed has Zip Slip Path Traversal in Extension Archive Extraction
Vulnerability Description
Zed, a code editor, has a Zip Slip (path traversal) vulnerability in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue.
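The missing check described above, sketched as an added example (this is not Zed's code and not the 0.224.4 patch): each ZIP entry name is resolved against the extraction directory and refused if any component could leave it. The names `safe_entry_path` and `plan_extraction` and the sample entry names are hypothetical and constructed for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Resolve a ZIP entry name under `dest`; None means the entry could
/// escape `dest` and must not be written. (Hypothetical helper.)
fn safe_entry_path(dest: &Path, entry_name: &str) -> Option<PathBuf> {
    // ZIP names use '/', but some archivers emit '\\'. Normalise so that
    // "..\\" is treated like "../" on every platform.
    let normalised = entry_name.replace('\\', "/");
    if normalised.contains('\0') {
        return None;
    }
    let mut out = dest.to_path_buf();
    let mut depth = 0usize;
    for comp in Path::new(&normalised).components() {
        match comp {
            Component::Normal(part) => {
                out.push(part);
                depth += 1;
            }
            Component::CurDir => {}
            // Reject instead of resolving: "..", a leading "/", or a
            // Windows drive/UNC prefix all point outside `dest`.
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => return None,
        }
    }
    // An empty name or a bare "." names nothing to extract.
    if depth == 0 { None } else { Some(out) }
}

/// Validate every entry before writing anything, so one bad name
/// rejects the whole archive rather than leaving it half extracted.
fn plan_extraction(dest: &Path, names: &[&str]) -> Result<Vec<PathBuf>, String> {
    names
        .iter()
        .map(|n| safe_entry_path(dest, n).ok_or_else(|| format!("unsafe entry name: {:?}", n)))
        .collect()
}

fn main() {
    // Constructed sample entry names, as a crafted archive might list them.
    let dest = Path::new("/tmp/ext-sandbox");
    let names = ["extension.toml", "grammars/x.wasm", "../../.config/autostart/evil"];
    match plan_extraction(dest, &names) {
        Ok(paths) => println!("would write {} files", paths.len()),
        Err(e) => println!("archive rejected: {}", e),
    }
}
```

This check is purely lexical: it does not cover symlink entries or symlinks already present under the destination, which need a separate check on the resolved path before writing.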
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
Zed Path Traversal Vulnerability
Vulnerability Description
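Zed is an open-source code editor from Zed Industries. Zed versions prior to 0.224.4 contain a path traversal vulnerability. The vulnerability stems from the extension archive extraction functionality not validating path traversal sequences in ZIP entry filenames, which may lead to arbitrary file overwrite.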
CVSS Information
N/A
Vulnerability Type
N/A