Case Study on Zip Slip Vulnerability

[Bhanu-2811]

We propose to create a secure coding case study on the Zip Slip vulnerability, a path traversal issue that occurs during archive extraction.

This vulnerability allows attackers to craft malicious archive files that can overwrite files outside the intended directory when extracted.

It is an important case because it affects many programming languages and demonstrates how improper file path validation can lead to serious security issues.

Team Members:

• Bhanu Prakash Reddy Ramidi (G01568334)
• Samay Salveru (G01586013)

We plan to proceed with this case study unless there are objections.

[abuttner]

My understanding is that Zip Slip is a type of vulnerability that has been identified in many software products. For the case study you should pick a very specific instance and walk through it. Focus on the underlying weakness (i.e., the coding mistake) that enables the Zip Slip issue. So, which specific vulnerability (e.g., CVE number) are you going to look at?

[david-a-wheeler]

No, this is a category/kind of vulnerability. You need to write about a specific one. Find a specific example and write on that. If you can't identify the specific CVE you're discussing, something is probably wrong.