CVE-2023-39135: Path traversal in Zip Swift

August 31, 2023 (updated February 9, 2024)

An issue in Zip Swift v2.1.2 allows attackers to execute a path traversal attack via a crafted zip entry.

References

blog.ostorlab.co/zip-packages-exploitation.html
github.com/advisories/GHSA-g454-wj9r-jpg4
github.com/marmelroy/Zip
github.com/marmelroy/Zip/issues/245
nvd.nist.gov/vuln/detail/CVE-2023-39135
ostorlab.co/vulndb/advisory/OVE-2023-1
security.snyk.io/research/zip-slip-vulnerability

Detect and mitigate CVE-2023-39135 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →