2 matches found
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: dbgate-api is a package that allows running DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via insufficient validation of file paths and types in the reader function. An attacker can access arbitrary files on the...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: dbgate-api is a package that allows running DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the file parameter in the /uploads/get endpoint. An attacker can access arbitrary files on the system by supplying a...