CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS
Percentile: 20.2%

Zip Swift is vulnerable to Zip path traversal (Zip Slip). The vulnerability is due to zip entries not being sanitized when the unzipFile function extracts zip files into a destination directory. An attacker can create a maliciously crafted zip entry that is extracted to an arbitrary location outside the destination directory, overwriting sensitive user data or possibly resulting in RCE.
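
One way to perform the missing entry check before anything is written to disk, shown as an added example (not the Zip library's code or its actual fix). The names `safeEntryURL` and `EntryPathError`, the destination path and the entry names are assumptions constructed for illustration:

```swift
import Foundation

// Added illustration; `EntryPathError` and `safeEntryURL` are hypothetical names,
// not part of the Zip library's API.
enum EntryPathError: Error {
    case absolutePath(String)
    case escapesDestination(String)
}

/// Resolves a zip entry name against `destination` and rejects it if the
/// normalized result would land outside that directory.
/// Lexical check only: symlinks already present under `destination` are not resolved.
func safeEntryURL(entryName: String, destination: URL) throws -> URL {
    // Zip entry names are relative paths; treat an absolute one as hostile.
    guard !entryName.hasPrefix("/") else {
        throw EntryPathError.absolutePath(entryName)
    }
    let root = destination.standardizedFileURL
    // standardizedFileURL collapses "." and ".." components.
    let candidate = root.appendingPathComponent(entryName).standardizedFileURL
    // Compare against root + "/" so a sibling such as "/tmp/unzip-demo-evil"
    // does not pass a bare prefix test.
    let rootPrefix = root.path.hasSuffix("/") ? root.path : root.path + "/"
    guard candidate.path.hasPrefix(rootPrefix) else {
        throw EntryPathError.escapesDestination(entryName)
    }
    return candidate
}

// Constructed sample entry names, as they might appear in an archive's directory.
let destination = URL(fileURLWithPath: "/tmp/unzip-demo", isDirectory: true)
let entryNames = [
    "docs/readme.txt",
    "../../etc/passwd",
    "docs/../../outside.txt",
    "../unzip-demo-evil/payload",
    "/etc/passwd",
]

for name in entryNames {
    do {
        let url = try safeEntryURL(entryName: name, destination: destination)
        print("extract \(name) -> \(url.path)")
    } catch {
        print("reject  \(name): \(error)")
    }
}
```

An extractor would run this check on every entry and abort the whole extraction on the first rejected name, so that a partially unpacked archive is not left behind.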