You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vpkpp: fix directory traversal vulnerability
Packed files with nested directories labeled .. are able to extract to directories above the specified output directory.
This commit adds a safeguard to check whether the absolute path of the extracted file is above the specified output directory, and does not extract that file if so.
Co-authored-by: Elle Woods <ellewoods@tuta.io>