Fix "zip-slip" for tar archives

      Description

      Basically https://github.com/jenkinsci/jenkins/pull/3402 for untar in the same file.
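
The kind of containment check the commit title on this issue describes ("Don't let tar entries escape target dir"), as an added example; it is not the code from FilePath.java or from the linked pull requests. The class name, method name, target directory and entry names are assumptions constructed for the illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

public class TarEntryContainment {

    /**
     * Resolve a tar entry name against the extraction directory and reject
     * any name whose normalized path lands outside that directory.
     * (Hypothetical helper, not a Jenkins API.)
     */
    static Path resolveInside(Path targetDir, String entryName) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        // resolve() returns the entry path itself when the name is absolute,
        // so absolute names fail the same startsWith check as "../" names.
        Path resolved = base.resolve(entryName).normalize();
        // Path.startsWith compares whole name elements, so a sibling such as
        // "extract-here-2" is not mistaken for being inside "extract-here".
        if (!resolved.startsWith(base)) {
            throw new IOException("Tar entry escapes target directory: " + entryName);
        }
        return resolved;
    }

    public static void main(String[] args) {
        Path target = Paths.get("extract-here"); // constructed target directory
        // Constructed entry names, as they might appear in tar headers.
        List<String> names = List.of(
                "docs/readme.txt",
                "docs/../notes.txt",
                "../outside.txt",
                "docs/../../outside.txt",
                "/tmp/absolute.txt");
        for (String name : names) {
            try {
                System.out.println("OK      " + name + " -> " + resolveInside(target, name));
            } catch (IOException e) {
                System.out.println("REJECT  " + e.getMessage());
            }
        }
    }
}
```

The check is lexical only: `normalize()` does not follow symbolic links, so symlink entries inside an archive need separate handling.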

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/FilePath.java
          http://jenkins-ci.org/commit/jenkins/7438abb88fc7d9bbd5f2b265e8fb191179a3c553
          Log:
          JENKINS-51777 Don't let tar entries escape target dir

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/java/hudson/FilePath.java
          http://jenkins-ci.org/commit/jenkins/1afd9f8c6ea02d6e2e3b80eb384526b61f43cd80
          Log:
          Merge pull request #3482 from daniel-beck/zip-slip-tar

          JENKINS-51777 Don't let tar entries escape target dir

          Compare: https://github.com/jenkinsci/jenkins/compare/ee384ba34c4f...1afd9f8c6ea0
          *NOTE:* This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

          Functionality will be removed from GitHub.com on January 31st, 2019.

          oleg_nenashev Oleg Nenashev added a comment -

          Fixed in Jenkins 2.127


            People

            • Assignee:
              danielbeck Daniel Beck
              Reporter:
              danielbeck Daniel Beck